Project aims

• to enable the wider adoption of two-factor authentication
• to undermine the efforts of keystroke loggers and other trojans
• to reduce spam, by significantly increasing the effort required to make effective phishing attacks

Features

• Secure UNIX server and API combined with Android soft-token
• two-factor authentication using open standards (HOTP, TOTP and soon OCRA) for one-time-passwords
• C library for inclusion in existing software and web sites
• OpenID (using SimpleID) for web applications/single-sign-on (SSO)
• PAM for easy UNIX and LDAP integration (SASL, RADIUS and JAAS in development)
• enterprise class scalability and security
• flexible, modular user data storage to suit a range of private and public use cases
• free (GPL) and open source so that you can see the code is really secure
• open standards (HOTP and TOTP) so you are not locked in to a single token vendor
• combined PIN + token code login
• Works with Google Authenticator or the dynalogin open-source soft-token on Android

Key benefits of the Android soft-token

• Based on a cryptographic algorithm so token codes can't be guessed - they appear random
• A single install of the soft-token app can have multiple key profiles (e.g. one profile for your e-banking, another for the company VPN and another for your OpenID/blog/facebook), so there is no need to carry 5 different tokens on a keyring
• Does not require any network connectivity when computing a token code
• Can be used when roaming, even if you disable data connectivity while abroad
• Does not require any SIM card, so it can be used on tablets and music players running Android
• Works in places where there is no mobile or wifi signal (e.g. using Vodafone in many parts of Australia)
• Many of these features make dynalogin much more appropriate than the mobile SMS login solutions now offered by some banks