You'd "need" (in the handwaviest sense, because nobody had designed a crypto token based on one-time pads here) OTP content for every authentication attempt.