HOTP was published as an informational IETF RFC 4226 in December 2005, documenting the algorithm along with a Java implementation.
The one-time property leads directly from the single use of each counter value.
The recommendation is made that persistent throttling of HOTP value verification take place, to address their relatively small size and thus vulnerability to brute-force attacks.
6-digit codes are commonly provided by proprietary hardware tokens from a number of vendors informing the default value of d. Truncation extracts 31 bits or
Software tokens are available for (nearly) all major mobile/smartphone platforms (J2ME,[2] Android,[3] iPhone,[4] BlackBerry,[5] Maemo,[6] macOS,[7] and Windows Mobile[5]).
Although the early reception from some of the computer press was negative during 2004 and 2005,[8][9][10] after IETF adopted HOTP as RFC 4226 in December 2005, various vendors started to produce HOTP-compatible tokens and/or whole authentication solutions.
According to the article "Road Map: Replacing Passwords with OTP Authentication"[11] on strong authentication, published by Burton Group (a division of Gartner, Inc.) in 2010, "Gartner's expectation is that the hardware OTP form factor will continue to enjoy modest growth while smartphone OTPs will grow and become the default hardware platform over time."