The invention consists of a uniquely punched or printed key, often in the form of a card, that is used to identify and authenticate a user during online transactions. The computer randomly generates an array of characters, such as numbers, letters or symbols, which is displayed to the user, e.g., on a computer monitor, or printed, such as in matrix format. When held over the displayed matrix, the key allows the user to view only certain portions of the matrix, which portions together form the user's one-time-password, which is unique for each authentication transaction. The user is then authenticated by utilizing both the actual key and a password or personal identification number. This two-pronged requirement for authentication insures the high security level provided by the system.