Abstract: A method includes dynamically generating an authentication grid that identifies an association between a first set of characters and a second set of characters. Based on a shared secret associated with a user, an encrypted version of the authentication grid is generated and transmitted to a first computing device associated with the user. A challenge is generated and transmitted to a second computing device associated with the user. User input is received, and the user is authenticated based at least in part on the authentication grid and a mapping of at least one character in a first set of characters in the challenge to at least one second character the user input.

Abstract: Provided is a process, including: retrieving an identifier of a mobile computing device associated with a user; causing a push notification to be sent to the mobile computing device, wherein the push notification comprises or causes the mobile computing device to retrieve an authentication-session specific value; forming an authentication-session record that associates the authentication-session specific value with the mobile computing device; receiving an identifier that identifies the mobile computing device, and a cryptographically signed value demonstrating possession of both the authentication-session specific value and a private cryptographic key; determining to authenticate the user by selecting, the authentication-session record from among a plurality of authentication-session records; and determining, based on both a public cryptographic key of a profile of the user and the authentication-session specific value, that the received cryptographically signed value correctly demonstrates possession of bot

Abstract: A method includes dynamically generating an authentication grid that identifies an association between a first set of characters and a second set of characters. Based on a shared secret associated with a user, an encrypted version of the authentication grid is generated and transmitted to a first computing device associated with the user. A challenge is generated and transmitted to a second computing device associated with the user. User input is received, and the user is authenticated based at least in part on the authentication grid and a mapping of at least one character in a first set of characters in the challenge to at least one second character the user input.