Hey Fajar and Alexander, thanks! That's exactly what I was looking for. A cheap way to pre-validate tokens without having to Exec an 'expensive' external program to check if the token is computationally correct. Simply because I expect a LOT of faulty regular passwords to fall through from the password check to the OTP check. Regards, Cor