We use Google Authenticator to provide two-factor authentication to email and a number of Android and Google Apps. Google Authenticator is very similar to SecurID in terms of end user experience - the Google Authenticator app runs on your smartphone and Google sends an authentication code out every minute which is used to authenticate to Google Mail and third-party apps. Apps and browsers get to save a cookie which allows them to be remembered for 30 days or until cookies are cleared. Adding two-factor authentication to OTRS seems a good idea - has anyone looked at the published API and code examples for Google Authenticator as a way to provide 2-factor authentication to OTRS sites? Rob M.