Disclosed is a user authentication method including at least: (1) performing a primary conversion to generate a first common authentication key and performing a secondary conversion to provide an encrypted first common authentication key, and registering the encrypted first common authentication key; (2) generating a first server authentication key, and performing an OTP operation on the first server authentication key to generate first server authentication information; (3) performing a primary conversion to generate a second common authentication key, performing a secondary conversion to generate an encrypted second common authentication key, generating a first user authentication key, and performing an OTP operation on the first user authentication key to generate first user authentication information; and (4) performing a user authentication or an authentication of the authentication server for determining a genuineness of the authentication server, based on coincidence of the first server authentication information and the first user authentication information.