EE OTP modifies the EE log in process to require a user to enter a six-digit "One-Time Password" in addition to their regular log in credentials; the six-digit code is generated algorithmically from a sixteen character key which is associated with the member account.
The algorithm used by EE OTP conforms to the requirements of IETF rfc4226 allowing its OTP codes to be generated by most standard "Authenticator" apps.
EE OTP also allows for the OTP code to be sent to the member by email during the log in process. A later version will add support for the sending OTP codes by SMS and possibly other messaging platforms.
EE OTP uses the Member Roles system introduced in EE6 to control which site members have access to OTP, and to set whether access for a role group is optional or mandatory.