For a page that just has the applet on it, and not the excess verbiage, look here.
An OTP one-time password is calculated by combining a seed with a secret password known only to the user, and then repeatedly applying either the MD4 or MD5 secure hash algorithms a number of times equal to the sequence number. Each time the user is authenticated, the sequence number expected by the system is decremented.
For a detailed explanation, follow the link to the S/Key paper listed below.
I assure you that I have no such intention, but paranoia would dictate that if you're actually going to use this, that you might consider grabbing the sources, giving them the once-over to look for suspicious activity (like network communication), compile the java source files yourself, and stick the resulting class files somewhere safe. Even if I'm not a bad guy, I can't guarantee that this applet wasn't corrupted by someone else after I put it here. You're welcome to use it straight from here, of course, but consider yourself officially cautioned.
However, this doesn't equate the word Java with insecure. I recommend anyone interested in using this or any other security-relevant java applet to apply the same care that they would apply to running any net.software. If you're security-conscious, then you need to grab the software in source form, bring it to your machine, and look through the source as well as you can to look for suspicious behavior (e.g. file or net operations in utilities that shouldn't be doing this), compile it yourself, and run your local copy of the applet. Will everyone actually do this? No, of course not. But I defy anyone to demonstrate that using a java application in this manner is any different than using any other software you downloaded off the net (like the S/Key distribution itself, for instance), it is equally secure (or insecure).
We've come up with an internet that works. We've got all sorts of interesting protocols and plenty of functional client and server software written, and everybody's happy. Unfortunately this whole mess is mostly insecure, and we're going to have to redo an awful lot of it. This is going to entail re-writing a lot of client software, and that means re-writing it for Unix, for Windows, for Macs, and for whatever else is out there. We could sit down and re-write N different versions of these things, or we could re-write them once Java, at least for the first round, perhaps to be replaced with OS-customized versions later. So this is the important role that I see Java playing in the world of, of all things, internet security. It would be foolish of us, IMHO, to overlook java's utility in this role, due to its limitations in other areas.