On subsequent attempts to access the user's encrypted data, an SRP "proof" is sent to the Sudo Platform that requires a One-Time Password (OTP). This "proof" is derived from the master password and secret code but is generated directly on the device, so they are never sent to the Sudo Platform. When the "proof" is received by the Sudo Platform, it is cryptographically compared to the original "verifier". If the comparison is successful, the OTP is provided. The OTP, along with the user's Platform authentication tokens, can then be used to access the user's encrypted vault data. Once the OTP is used, a new one must be requested to access the encrypted data again.