When a user accesses a website which has SecuSURF installed, the user is presented with a dialog that asks for the One-Time Password.
The user uses the web browser on a mobile phone which has been registered with SecuSURF to access the SecuSURF site.
The user is asked for his PIN number for SecuSURF to generate a new one-time password.
If SecuSURF successfully verifies the mobile phone and the user’s PIN, a new One-Time Password is generated for the user.
The user then inputs the One-Time Password into the website to gain access.

Through the browser on the mobile phone, the user enters his PIN number to obtain a One-Time Password from the SecuSURF server.
The SecuSURF server verifies the mobile phone and the PIN entered by the user. If verification is successful, a One-Time Password is sent to the mobile phone.
The newly generated One-Time Password is recorded into a database for that particular user.
The user then enters the One-Time Password into the website’s login page.
The website takes the login credentials and uses an API to communicate with the SecuSURF server to verify the One-Time Password. If the One-Time Password is verified, the user is allowed access into the website.
The One-Time Password is then marked as obsolete so that it cannot be used again. When the user visits the site again, he will have to retrieve a new password with his mobile phone.