In this paper, we discuss the requirements of onetime password system with cryptography. In addition to the requirements of convenience and efficiency, the security of the one-time password system is not on the privacy of the algorithm but on the secrecy which is shared by client and server. Therefore we find that the basic requirements of the one-time password are easy computation and difficult recovery, no extra storage of server, different every time, relative to user account, and the usage of the secret between server and client. Based on cryptographic one-way hash function, we proposed a basic structure of one-time password system for performance and security discussion.