One-Time Passwords

If you manage computers that people will access over the Internet or other computer networks, then you should seriously consider implementing some form of one-time password system. Otherwise, an attacker can eavesdrop on your legitimate users, capture their passwords, and use those passwords again at a later time.

Is such network espionage likely? Absolutely. In recent years, people have broken into computers on key networks throughout the Internet and have installed programs called password sniffers (illustrated in Figure 19-2). These programs monitor all information sent over a network and silently record an initial portion of each network connection to capture each person’s username, password, and sometimes additional information.[283] In at least one case, a password sniffer captured tens of thousands of passwords within the space of a few weeks before the sniffer was noticed; the only reason the sniffer’s presence was brought to the attention of the authorities was because the attacker was storing the captured passwords on the compromised computer’s hard disk. Eventually, the hard disk filled up, and the computer crashed!

Figure 19-2. Password sniffing

One-time passwords,[284] as their name implies, are passwords that can be used only once, as we explained in Chapter 4. They provide strong protection against password sniffers.

Another application that demands ...
