An administrative system generates a sequence of passwords by iterative evaluation of a hash function, initiated from a private key value and continuing to a final, public key value. A current token is created that includes a current one of the passwords. A protected device tests the validity of the current password by inputting it to a hash function sub-chain. The current password is considered valid if, after hashing the current password n+1 times, where n corresponds to the number of tokens previously received, the result is a revealed value, such as a previously verified password of the public key value. At least one unit of a one-time programmable hardware device, such as processor fuses or anti-fuses, is then physically and permanently altered, thereby incrementing a count entry indicating the number of tokens received. The protected device performs a desired action only if the current password is verified.