One-time passwords (OTP) have been in use for access control applications for a number of years and provide a level of security by allowing dynamic data to be used in accessing physical and logical assets and by providing for multi-factor authentication. As the name implies, an OTP is a password that is valid for only one login session or transaction. OTPs avoid a number of shortcomings that are associated with traditional (static) passwords. For example, in contrast to static passwords, they are not vulnerable to replay attacks. This means that an OTP that was already used to log into a service or to conduct a transaction is of no value to a potential intruder since it will be no longer valid.