VNC does not have any OTP (one time password) functionality, so i hacked one on my own before hitting the bed after work.
When browsing through the code i noticed that tightvnc will not take more than 8 characters in the password.
The rest is simply thrown away. Mmm... that feels like real good security.

Not telling users about such peculiarities.
But nevermind... maybe users dont use more than 8 characters as a password anyway. I do, so you can forget about bruteforcing! ;-)

Another funny thing about tight vnc is that instead of doing what is the common approach, that is to only store the hash of the key, the key is stored encrypted with a static DES key. That is, it is in plaintext, with a twist.
Well... the filesystem should be sucure anyway.

Now on to the OTP for tight VNC server (running on linux/unix) I just took out the portion of vncpasswd that did the encryption and added retreiving new password from file. Real simple.
You just make a batch of passwords in a text file, one password on each line. Then you may store the list on your mobile, palm, ipaq or whatever, and there you go.
Simple OTP.
The downside is that you need to call the program yourself each time you want the next password, since i did not find an easy way (except for modifying tight vnc server code), to call the program on disconnect. Maybe you can throw it in to the X logout script.

Source is found below.