An approach is provided that receives a login request from a selected user. The approach first authenticates the selected user using a unique user identifier and a password associated with the selected user. In response to a successful first authentication, the approach performs a second authentication of the selected user using a second factor authentication code that was included in the login request. The second authentication includes retrieval of an expected second factor authentication code using an index into a block of codes with the index and the block of codes both being associated with the selected user. The login request is allowed and the index is changed in response to the second factor authentication code matching the expected second factor authentication code. The login request is denied in response to the second factor authentication code failing to match the expected second factor authentication code.