CPC H04L 63/0884 (2013.01) [G06F 21/45 (2013.01); H04L 9/088 (2013.01); H04L 63/18 (2013.01)]
23 Claims
1. A computer-implemented method, the method comprising:
establishing, by a server system, a record of a user permitted to access a secure asset, the record comprising an identifier associated with the user;
establishing, by the server system, in association with the record of the user, information corresponding to a first device in response to receiving, from the first device, a public key of an asymmetric key-pair, the first device maintaining a private key of the asymmetric key-pair;
receiving information corresponding to an attempt to access the secure asset from a second device different from the first device, the information comprising the identifier associated with the user;
identifying the record of the user responsive to the identifier;
selecting the public key of the asymmetric key-pair associated with the record of the user;
generating notification data comprising a portion of data encrypted based on the public key and operable to be decrypted by the private key maintained by the first device;
determining at least one verification value based on the portion of data in unencrypted form;
transmitting, to the second device, the notification data;
receiving a notification response comprising at least one value for verification;
verifying the at least one value based on the at least one verification value, the verifying indicating whether the first device successfully decrypted the encrypted portion of data using the private key; and
transmitting, based on the verifying indicating that the first device successfully decrypted the encrypted portion of data using the private key, an authentication result to grant the access attempt by the second device.
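The exchange in claim 1, sketched as an added Node.js example; it is not code from the patent or its applicant. Assumptions: RSA-OAEP as the asymmetric scheme, SHA-256 of the plaintext as the verification value, an in-memory record store, and all function names. How the notification travels from the second device to the first is not stated in this claim and is not modeled.

```javascript
const crypto = require('crypto');

// Hypothetical in-memory server state: user identifier -> { publicKey, pending }.
const records = new Map();

// Enrollment: the server stores only the first device's public key.
function enroll(userId, publicKey) {
  records.set(userId, { publicKey, pending: null });
}

// Access attempt naming userId: encrypt a fresh random value to the enrolled key and
// keep a verification value derived from the plaintext (assumed here: its SHA-256).
function createNotification(userId) {
  const rec = records.get(userId);
  if (!rec) throw new Error('no record for identifier');
  const secret = crypto.randomBytes(32);
  rec.pending = crypto.createHash('sha256').update(secret).digest();
  return crypto.publicEncrypt({ key: rec.publicKey, oaepHash: 'sha256' }, secret);
}

// First device: decrypt with the private key, derive the value to send back.
// Throws if the key does not match the one the notification was encrypted to.
function respond(privateKey, notification) {
  const secret = crypto.privateDecrypt({ key: privateKey, oaepHash: 'sha256' }, notification);
  return crypto.createHash('sha256').update(secret).digest();
}

// Server: single-use, constant-time comparison against the stored verification value.
function verify(userId, value) {
  const rec = records.get(userId);
  if (!rec || !rec.pending) return false;
  const want = rec.pending;
  rec.pending = null; // consume, so a captured response cannot be replayed
  return Buffer.isBuffer(value) && value.length === want.length &&
    crypto.timingSafeEqual(want, value);
}

function newDeviceKey() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Constructed run: the enrolled device passes once; resending the same value fails.
function demo() {
  const dev = newDeviceKey();
  enroll('alice', dev.publicKey);
  const value = respond(dev.privateKey, createNotification('alice'));
  return { granted: verify('alice', value), replayed: verify('alice', value) };
}
console.log(demo());
```

Consuming the pending value in `verify` is a design choice of this sketch: each notification can authorize at most one access attempt.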