A technique of authenticating a user involves storing a set of expected OTPs in memory of a mobile device, the set of expected OTPs having been previously generated by and acquired from an external authentication server. The technique further involves receiving, after the set of expected OTPs is stored in the memory, an authentication request from a user of the mobile device, the authentication request including a user-provided OTP. The technique further involves performing, by processing circuitry of the mobile device, a local authentication operation which provides an authentication result based on a comparison between the user-provided OTP and an expected OTP of the set of expected OTPs stored in the memory. The authentication result indicates whether authentication of the user is successful or unsuccessful.