Abstract: An authentication method implemented on a server for authenticating a user device in a network comprising user devices and a server associated with a resource to be accessed. The server is configured to receive a request for access to a resource from a first user device and identify an entity to be authenticated from the request. A rule information set specifying how to form a one-time-passcode from a random code is defined and the random code is provided to a first device associated with the identified entity. A rule information set is provided to a second device associated with the identified entity and a one-time-passcode from the second device generated from the random code using at least one rule information set and received at the server.