The following series of screens demonstrates the OnePass/400 functions of prompting for a second, single-use password during a Telnet (or any client) signon session. Telnet presents a normal AS/400 signon screen such as the following:

The user profile and password fields are not encrypted when using Telnet. As a result, anyone using "sniffer" software or other methods of observing the Telnet connection can read your profile and password information and then use it to gain access to your AS/400.

OnePass/400 addresses this security exposure by requiring a second level password following the initial logon operation. The additional password request appears as follows:

If an incorrect password is supplied, the terminal session is immediately logged off. Once a legitimate single-use password has been supplied, the signon operation is completed and the password is permanently retired. Anyone observing the logon sequence may be able to obtain the user profile, password and single-use password but they will not be able to use this information to gain access to a new Telnet session.

The following is the main function menu for OnePass/400:

There are options on the menu for password generation and listing along with administrative controls for the product.