Some conventional authentication systems require a human to maintain physical possession of a token and to provide a correct one-time use passcode (OTP) from the token to an authentication server before being allowed to access a protected resource. During authentication, the human reads a current OTP (i.e., a string of six or eight alphanumeric characters) from a display of the token and manually types the current OTP into a client apparatus which is in direct or indirect communication with the authentication server.
If the current OTP is correct (e.g., the current OTP matches an expected OTP on the authentication server), the authentication server outputs a signal which enables the human to access the protected resource. However, if the current OTP is incorrect (e.g., the current OTP does not match the expected OTP on the authentication server), the authentication server outputs a signal which prevents the human from accessing the protected resource.