Disclosed is a process for mutual authentication of a user and service provider. The process receives, at a key generation module (KGM), a notification of an event generated at a computing device. The process transmits the notification of the event to an authentication server. A third party server receives a shared secret provided by a registered user for the event. The shared secret transmitted to the KGM by the authentication server. The KGM generates a one-time key for the event. The process appends the shared secret to the one time key to generate an appended key, which is transmitted to a registered user mobile device. The process authenticates the event in response to receiving a notification from the computing device within a predetermined time period indicating the one-time key was entered at the computing device.