E-commerce based on Internet is gradually becoming a new mode for commercial activities and the greatest misgiving of enterprises to conduct e-commerce is “safety”. One-time password (OTP) scheme can help to solves password problems such as password conjecture and wiretapping, which occurs by repeatedly using the same password. The S/KEY one-time password system is one of most popular authentication schemes, however it can not withstand small integer attack. This work illustrates as well as discusses of the S/KEY based authentication schemes with their pros and cons. This paper suggests an improved one-time password system based on bidirectional virtual authorization in mobile application systems. Our proposed Scheme can defend copy attacks, replay attacks, integer attack and Brute-Force Attack.