SMSAuthenticator is an authentication module for situations where "username and password"-login provide insufficient security. Additional security is achieved by sending keys (single-use passwords) by SMS to the user's mobile phone. The user must return a correct single-use password within a certain timeframe (in addition to a correct username and password first), in order to be authenticated successfully. This solves some of the main problems of using ordinary passwords only (e.g., password guessing and password sniffing), without requiring special hardware like smartcards on the user's side. Only a GSM device capable of showing SMS messages is required on the user end. SMSAuthenticator is a Java-based (J2SE 1.2 or higher) Web service component, and may be integrated into any application capable of accessing SOAP services. It has a Web-based administration interface for managing user accounts, and also generates pronouncable passwords according to the FIPS 181 standard.
