Techniques are described for single or multi-factor authentication. An access request is received followed by a prompt for authentication data comprising a segment of a continuous rolling authentication code. Upon receipt of the segment of a continuous rolling authentication code, it is compared to another version of the continuous rolling authentication code generated by an algorithm and shared secret key known to both parties. The access request may be authenticated when the segment of the rolling authentication code received in response to the prompt for authentication data matches a segment the continuous rolling authentication code generated. Otherwise, it is rejected.