The present invention relates to an authentication method and system, and more particularly to a two factor authentication system based on the generation of a low cost code book. The number of interactions that an individual may carry out via an electronic interface is continually increasing. Automatic Teller Machines are now ubiquitous, and with the spread of the Internet, services such as online commerce, Internet banking, credit card and other bill payments, personalized websites including webmail sites, and even tax declaration are increasingly common. In virtually all cases it is necessary for a user to identify himself to the system at some stage, and furthermore to authenticate this identity. The usual means for carrying out this authentication is by submitting a PIN code, password or other piece of secret data, which is known by the service and the user alone. With the multiplication of such services, an individual is required to maintain and remember an increasingly large number of such pieces of secret information. Furthermore, as a general rule it is desirable that each such piece of information should be unique to the service in question, and that it should be as large and random as possible, to minimize the risk of the discovery of one secret prejudicing the security of multiple systems, and the probability of a third-party guessing the secret. Ideally each piece of secret information should be replaced frequently to maintain high security standards. It is also highly undesirable that a user should write down or otherwise record such secrets in an unprotected manner. A tension thus arises between the need for a user to remember a large number of large pieces of random data, and the propensity of most individuals to choose the simplest option, such as choosing a well known and easy to remember set of passwords and using them in a cyclic way for all their services. This behaviour enormously reduces the security of protected resources.