Hello. I'm thinking of developing a "poor man's" one-time password (OTP) module. I call it a poor man's OTP since it will not require the purchase of a hardware key fob for generating passwords and the one-time passwords will be emailed to a mobile phone using a secure SMTP server rather than a SMS gateway which usually incurs a fee.
The idea for this module came about because some admin users for another Drupal application I developed are using very weak passwords to access the system. With this OTP module, the user will be required to enter both their regular password and a one-time password. I suppose I could implement an existing module to force more complex passwords but then the user will just write it down on a sticky note and paste it to their monitor which doesn't make the system any more secure.
Not all users will need to have OTP since they don't access sensitive information. Therefore, the module will provide the option to set OTP per user role or site-wide.
A search on the Drupal modules page revealed a couple of projects linked to commercial OTP but I didn't find anything similar to what I'm proposing. Do any of you know of something similar in existence? I certainly don't to re-invent the wheel if I don't have to. Thanks.