A suspect user (110) seeks access to a network resource from an access
authority (150) utilizing a passcode received from an authentication
authority (130). Initially, an ID of a device is bound with a PIN, the
device ID is bound with a private key of the device, and the device ID is
bound with a user ID that has been previously bound with a password of an
authorized user. The device ID is bound with the user ID by
authenticating the user ID using the password. Thereafter, the suspect
user communicates the device ID and the PIN from the device over an
ancillary communications network (112); the authentication authority
responds back over the ancillary communications network with a passcode
encrypted with the public key of the device; and the suspect user
decrypts and communicates over a communications network (114) the
passcode with the user ID to the access authority.