This paper discusses in detail the principle and implementation of one-time password (OTP) authentication. It analyzes the limitations of commonly used OTP authentication, which cannot resist active attacks or insider attacks, and security weaknesses of OTP authentication such as the small number attack. It then proposes an improved scheme. The improved OTP scheme resists small number attacks and replay attacks without increasing the burden on the user, and the paper implements it in Java in an online members-only e-bookstore application.