Protection of sensitive information is a growing concern worldwide. Failure to protect sensitive information can lead to loss of clients in the banking sector or threaten national security. Access to sensitive information starts with e-authentication. Most authentication systems are designed for authenticated users only. However, the user is not the only party that needs to be authenticated to ensure the security of transactions on the Internet. Existing One-Time Password (OTP) mechanism cannot guarantee non-repudiation and fail to guarantee reuse of a stolen device, which is used in authentication.