MobFob

Ever wanted your own token-based authentication, similar to RSA's SecurID?

I have written an implementation of a similar thing for phones and PDAs that run Java.

You can download it here:
MobFob.jad
MobFob.jar (Last modified: 2008-10-01)
Here is an example of the PHP code you would use to check a token on the server:
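<?php

$refreshMins = 2;          // how often the token changes, in minutes
$key         = "somekey";  // secret shared with the phone
$chars       = 6;          // number of characters of the code to check

// Current time window. time() is already UTC-based; gmmktime() with no
// arguments is an error on PHP 8.
$mins = floor(time() / (60 * $refreshMins));

$username = isset($_POST["username"]) ? $_POST["username"] : "";
$password = isset($_POST["password"]) ? $_POST["password"] : "";
$token    = isset($_POST["token"])    ? $_POST["token"]    : "";

// === rather than ==, so hex strings such as "0e1234" are not compared as numbers
if ( $username === "calum" && $password === "password" &&
	$token === substr(md5($mins.$key), 0, $chars) ) {
	print "Yes, correct.";
}

?>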
You can see it in action (and no, it doesn't use the key above)

This checks your username, password, and the first X chars of the displayed code.
It's very simple, and works well. It's very secure, as long as your phone isn't stolen and you don't divulge your key.
Note: It requires synchronised times, so if you're having problems, check the times.
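
The time-synchronisation requirement can be relaxed on the server by also accepting the neighbouring time windows. The following is an added example, not MobFob's own code: the function names, the drift parameter, and the sample key and timestamp are assumptions, and it assumes the handset derives its code the same way as the PHP above.

```php
<?php
// Added example, not MobFob's own code. Function names are hypothetical.
// Assumes the handset derives its code exactly as the page's PHP does:
// first $chars hex characters of md5(<time window number> . <key>).

function mobfob_token(string $key, int $window, int $chars): string
{
    return substr(md5($window . $key), 0, $chars);
}

// Accept the current window plus $drift windows either side, so a handset
// clock that is slightly off still verifies. Every extra window accepted
// lengthens the period during which a captured code remains valid.
function mobfob_verify(string $token, string $key, int $refreshMins = 2,
                       int $chars = 6, int $drift = 1, ?int $now = null): bool
{
    $now    = $now ?? time();
    $window = intdiv($now, 60 * $refreshMins);
    $ok     = false;
    for ($w = $window - $drift; $w <= $window + $drift; $w++) {
        // hash_equals() is a constant-time, strict string comparison,
        // unlike ==, which treats "0e1234" and "0e9999" as equal numbers.
        // No early exit, so timing does not reveal which window matched.
        $ok = hash_equals(mobfob_token($key, $w, $chars), $token) || $ok;
    }
    return $ok;
}

// Constructed sample values: a fixed timestamp and a made-up key.
$key    = "example-key-not-real";
$server = 1222819200;                    // 2008-10-01 00:00:00 UTC
$phone  = $server - 90;                  // handset clock 90 s slow

// Code the handset would display in its own (earlier) window.
$code = mobfob_token($key, intdiv($phone, 120), 6);

var_dump(mobfob_verify($code, $key, 2, 6, 0, $server));       // no slack
var_dump(mobfob_verify($code, $key, 2, 6, 1, $server));       // one window of slack
var_dump(mobfob_verify($code, $key, 2, 6, 1, $server + 600)); // code from five windows ago
```

With a 2-minute refresh, `$drift = 1` means a code is accepted for up to 6 minutes in total, so keep the tolerance as small as the handset clocks allow.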

Requirements: Phone/PDA supporting CLDC 1.0, MIDP 2.0

Further plans

To make a PAM module, so that SSH/login/whatever can require an extra step.