Two-factor authentication (2FA) schemes that rely on a combination of knowledge factors (e.g., PIN) and device possession have gained popularity. Some of these schemes remain secure even against strong adversaries that (a) observe the traffic between a client and server, and (b) have physical access to the client's device, or its PIN, or breach the server. However, these solutions have several shortcomings; namely, they (i) require a client to remember multiple secret values to prove its identity, (ii) involve several modular exponentiations, and (iii) are in the non-standard random oracle model. In this work, we present a 2FA protocol that resists such a strong adversary while addressing the above shortcomings. Our protocol requires a client to remember only a single secret value/PIN, does not involve any modular exponentiations, and is in a standard model. It is the first one that offers these features without using trusted chipsets. This protocol also imposes up to 40% lower communication overhead than the state-of-the-art solutions do.
The adoption of online services, such as online banking and e-commerce, has been swiftly increasing, and so has the effort of adversaries to gain unauthorised access to such services. For clients to prove their identity to a remote service provider, they provide a piece of evidence, called an "authentication factor". Authentication factors can be based on (i) knowledge factors, e.g., PIN or password, (ii) possession factors, e.g., access card or physical hardware token, or (iii) inherent factors, e.g., fingerprint. Knowledge factors are still the most predominant factors used for authentication [6,15]. The knowledge factors themselves are not strong enough to adequately prevent impersonation [29,15]. Multi-factor authentication methods that depend on more than one factor are more difficult to compromise than single-factor methods.
Recently (on January 26, 2022), the "Executive Office of the US President" released a memorandum requiring the Federal Government's agencies to meet specific cybersecurity standards, including the use of multi-factor authentication, to reinforce the Government's defences against increasingly sophisticated threat campaigns [23]. Among multi-factor authentication schemes, two-factor authentication (2FA) methods, including those