A client-server security architecture is disclosed that uses a masked grid, a seed, and mutual unlocking techniques to authentication a client device with a server machine using a one-time code (OTC). The client device in the client-server architecture stores a masked grid that is used to unlock an authentication code using a seed. Once mutually unlocked, the client device may generate an OTC to attempt to authenticate the client device with a server machine. The server machine validates that OTC with the OTC stored at the server to confirm they match. Each subsequent access may repeat the aforementioned steps. Moreover, in a multi-device ecosystem, a plurality of client devices may leverage a primary client device to connect with the server machine. For example, one or more subordinate client devices may connect to the primary client device to then tunnel through to the server machine in a secure manner.