A data security system is provided. The data security system includes at least a first party and a second party that are mutually coupled via a data communication arrangement, wherein the data communication arrangement is operable to provide for user authentications and/or user sign-in. The first and second parties are provided with identical or mutually compatible copies of a digital key code list that includes keys and indexes referencing the keys. The first party is operable to deliver to the second party an authentication message including an index of a key to be derived, a unique identifier (ID) of a digital key code list from which the key is to be derived, and additional information indicative of at least one of: a unique user ID associated with the first party, a session token previously-received from the second party, a date and time at which an attempt for user authentications and/or user sign-in is made. The additional information is provided in an encrypted form. The first and second parties are operable to use, when performing data communication therebetween, for providing user authentications and/or user sign-in, the key that is derived from the digital key code list based upon the index included within the authentication message, and to dispose of the key after use, wherein the key is arranged to be usable only once between the first and second parties.