Online service is an important driving force behind many of today's Web 2.0 applications. For security and privacy concerns, authentication is required for all of services that involve online transactions. Authentication is the process of verifying a user's identity when the user is requesting services from any secure Information System (IS). By far, the most popular authentication technique is a basic username - password based method that is commonly considered to be a weak technique of authentication. A more secure method is the multi-factor authentication that verifies not only username-password pair, but also requires a second or third unique physical or biological factor.