A method in a first entity for authenticating itself to a second entity by proving to the second entity that it is in possession of a full secret without sending the full secret to the second entity, the method comprising: receiving in the first entity an input from a user, the full secret having been divided into at least a first factor and a second factor and the input relating to the second factor of the full secret; reconstructing in the first entity the full secret from at least the first factor and the input; and carrying out a calculation in the first entity using the reconstructed full secret and sending the results of the calculation to the second entity, wherein the results provide an input to a pairing calculation in the second entity. The second entity carries out the pairing calculation to determine whether the client is in possession of the secret. The first entity may be a client and the second entity may be a server. A trusted authority may have issued the client with the secret and may also have issued the server with another secret to allow it to carry out the calculation to determine whether the client is in possession of its secret.