A first cryptographic device is configured to generate a passcode for submission to a second authentication device. The second authentication device determines a particular type of shuffling to be applied to a passcode in conjunction with submission of that passcode for authentication, and verifies that the passcode has been entered in accordance with the particular type of shuffling. The first cryptographic device may comprise an authentication token and the second cryptographic device may comprise at least one authentication server. By way of example, the second cryptographic device may generate a shuffle indicator signal specifying the particular type of shuffling, such that the shuffle indicator signal can be transmitted and thereby made apparent to a user associated with the first cryptographic device. The user then alters his or her manner of entry of the passcode based on the received shuffle indicator signal, such as entering the passcode in a reverse order.