In a challenge-response system a password is never sent over the network. When the user enters his or her account name at a terminal, the central server issues the user a random challenge. The user sees the challenge, and transcribes it and a password into the keypad of a handheld authenticator (the size of a credit card or small calculator). The authenticator calculates a unique response; the user enters that response into the terminal and sends it to the central server. The central server repeats the calculation and compares its result with the user’s result. An intruder cannot imitate the user without access to the identical authenticator and its associated password.