It sure would. Which is why you want s/key passwords so that whoever just recorded all of your keystrokes doesn't get a usable password for your account. That's the magic of one-time passwords, they're immune to replay attacks.