A method of maintaining ongoing authentication of a user of an application without the need to enter and re-enter a username and a corresponding password for each session initiated between a client side application residing on a client side platform and a server; and wherein the password is not stored on the server; the method comprising utilising an unbroken chain of one-time pass codes; each pass code in the chain being unique to the username and client side application; each pass code renewed periodically and preferably at least once during each said session.