A conventional authentication token outputs a one-time use passcode (OTP) to a computer user. The computer user then reads the OTP from the authentication token and types the OTP into a computer to prove that the computer user is in possession of the authentication token.
If the typed OTP matches an expected OTP, authentication is successful and the computer user is considered authentic. However, if the typed OTP does not match the expected OTP, authentication is considered unsuccessful (e.g., because the computer user may be a fraudster).