The rapid development of the Internet facilitates our lives in many aspects. More and more business will be done through Internet. Under such circumstances, enough attention must be given to the information security, of which the identity authentication is one important problem. In the traditional authentication scheme, the user provides the username and static password to service provider, but there are some inherent shortcomings of this method-static passwords maybe guessed, forgotten, and eavesdropped. One-Time Password (OTP) is considered as the strongest authentication scheme among all password-based solutions. In this paper, a novel twofactor authentication scheme based OTP is proposed. The scheme not only satisfies the mutual authentication between the user and service provider, but also presents higher security and lower computational cost than traditional schemes based OTP.