A method of providing secure authentication of a service user at a self-service terminal is described. The method comprises: detecting attempted access by the service user to a restricted function on the self-service terminal and ascertaining if a predefined operating system account is present on the terminal. In the event that the predefined operating system account is not present, then the method comprises permitting access to the restricted function by the service user. In the event that the predefined operating system account is present, then the method comprises requesting the service user to provide login credentials and authenticating the login credentials using the operating system account. If the login credentials are not authenticated, access to the restricted function is denied; whereas, if the login credentials are authenticated, access to the restricted function is permitted.