MobileOTP
  • Version: 1.06
  • Last Updated: August 3, 2005
  • Total Downloads: 15,991
Using static passwords for authentication, as is commonly done, has quite a few security drawbacks: passwords can be guessed, forgotten, written down and stolen, eavesdropped, or deliberately told to other people.

A better, more secure way to authenticate is so-called "two-factor" or "strong" authentication based on one-time passwords. Instead of authenticating with a simple password, each user carries a device (a "token") that generates passwords valid only once. Commercially available tokens look like pocket calculators or key fobs with a display and a keypad. To generate a one-time password, the user enters a personal PIN into the device, so the authentication rests on two factors: the token device and the PIN ("something you have and something you know"). This is clearly more secure than a password alone, since an attacker needs to get hold of both the PIN and the token device, and eavesdropping on a password that is valid only once is of no use to the attacker.

The drawback of strong authentication is that every user has to be provided with a token device, which can be quite expensive. Fortunately, mobile phones capable of running Java applets are becoming more and more widespread, so it makes sense to use the mobile phone itself as the authentication token.

Mobile-OTP is a free "strong authentication" solution for Java-capable mobile devices such as phones or PDAs. The solution is based on time-synchronous one-time passwords. It consists of a client component (a J2ME MIDlet) and a server component (a Unix shell script). The server component can easily be plugged into free RADIUS servers such as XTRadius to authenticate users at routers, firewalls, web servers, access points, Unix machines, etc. The shell script should run without modification on any BSD Unix or Linux. The Java MIDlet should be compatible with any Java-enabled mobile phone (Nokia, Siemens, Motorola, etc.).
The MIDlet, server script and RADIUS server are freely available under the terms of the GPL.
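As an added example (not the project's own MIDlet or shell script), the time-synchronous scheme described above in Python: it uses the token construction the Mobile-OTP project publishes (MD5 over the 10-second epoch counter, the shared secret and the PIN, truncated to 6 hex characters), which this page itself does not spell out, plus an assumed acceptance window of 3 minutes either side of the server clock and a replay cache; the secret, PIN and timestamps are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample credentials (not real): Mobile-OTP uses a 16-hex-char
# init secret shared with the server and a 4-digit PIN known only to the user.
SECRET = "0123456789abcdef"
PIN = "1234"


def motp_token(secret: str, pin: str, epoch_seconds: int) -> str:
    """One Mobile-OTP token: first 6 hex chars of MD5(epoch//10 || secret || pin).

    Tokens change every 10 seconds; phone and server only need roughly
    synchronised clocks and the shared secret, no network round trip.
    """
    counter = str(int(epoch_seconds) // 10)
    return hashlib.md5((counter + secret + pin).encode()).hexdigest()[:6]


class MotpVerifier:
    """Server side: accept a token for any 10-second slot within +/-window_seconds
    of the server clock (assumed default 180 s), and never accept the same slot
    twice, so an eavesdropped token cannot be replayed inside the window."""

    def __init__(self, secret: str, pin: str, window_seconds: int = 180):
        self.secret, self.pin = secret, pin
        self.window = window_seconds
        self.used_slots = set()  # slots whose token was already accepted

    def verify(self, token: str, now: int) -> bool:
        token = token.lower().strip()
        for offset in range(-self.window, self.window + 1, 10):
            slot = (int(now) + offset) // 10
            expected = motp_token(self.secret, self.pin, slot * 10)
            # constant-time compare so timing does not leak matching prefixes
            if hmac.compare_digest(expected, token):
                if slot in self.used_slots:
                    return False  # replayed token
                self.used_slots.add(slot)
                return True
        return False  # wrong PIN, wrong secret, or phone clock too far off


if __name__ == "__main__":
    now = 1_700_000_000  # constructed "server time"
    v = MotpVerifier(SECRET, PIN)
    tok = motp_token(SECRET, PIN, now + 50)  # phone clock 50 s ahead: still valid
    print(tok, v.verify(tok, now), v.verify(tok, now))  # accepted once, then rejected
```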