Protectimus DSPA (Dynamic Strong Password Authentication) is an MFA component designed to add two-factor authentication directly to Active Directory (AD), LDAP directories, and databases, without requiring changes to existing applications. The solution works by dynamically modifying a user's static password with a one-time component derived from a TOTP/OTP token. This means that authentication systems like AD and LDAP receive what appears to be a standard password change, while the actual value changes with each login attempt — effectively enforcing MFA at the directory or database level. This approach allows organizations to implement MFA in environments where traditional 2FA integration is difficult or impractical, such as legacy systems that only support password-based authentication natively. Protectimus DSPA is positioned as an on-premises component, suitable for organizations that require MFA enforcement at the infrastructure layer rather than at the application layer. It is part of the broader Protectimus authentication product suite, which also includes cloud-based MFA, RADIUS-based 2FA, and hardware OTP tokens.