Normally FTP sends all passwords via the network in clear-text. Anyone with a packet sniffer in the right place can see them. OTP (=One Time Passwords) changes this, it never sends a password over the network. Instead, it sends a one-way encrypted version of the password called 'hash' over the net. There is no way known to man to retrieve the original password from this hash, so it is very safe. The same hash value is never used twice. So even if someone intercepts it, replaying will not work (that is where the term "one-time password" comes from).
Serv-U supports a popular form of OTP, called S/KEY that in turn comes in two variants, MD4 and MD5, which is the name of the hash function it uses, and both are supported in Serv-U. S/KEY can be enabled for individual user accounts via the General user account tab. When storing passwords in encrypted form, new passwords must be entered since Serv-U needs to know the password when using S/KEY and the encrypted password stored in the user setup cannot be decrypted.
To use S/KEY a client either needs to support it (one that supports S/KEY is FTP Voyager, see http://www.ftpvoyager.com), or needs to let you intercept the USER response and manually enter your password at each log in (the command line FTP client will allow this). In the latter case the S/KEY 'calculator' is required. This program helps calculate a response to Serv-U's challenge. It is named "WinKey" and can be found at:
ftp://ftp.cat-soft.com/add-ons/winkey/