Techniques are disclosed relating to authenticating a user based on a partial password. In one embodiment, a computer system stores masking criteria defining how a mask is to be applied to generated passwords. In some embodiments, the computer system receives a request from a user to generate a one-time password. In response to the request, in some embodiments, the computer system generates the one-time password having a sequence of characters, applies the mask to the generated one-time password to select a subset of the sequence of characters usable to authenticate the user, and presents the selected subset of characters to the user as a partial password for authentication.