When entering a system, the validation method performs sensitive data transactions owned by other people. The interaction between the system and the user for authentication has traditionally only used one username and password authentication stage. It is hazardous for hacking attacks, for example, by brute force or phishing, so the system security is made layered to improve authentication validation. There are many ways to implement layered authentication, one of which is using the QR-code application library as a layered authentication tool to increase the security of transaction log validation to log into an archive management system. Where the mobile application is the key to creating a token replacement for the password used in the desktop application, previously on the desktop, it will generate a unique code converted into an image from the QR code, which the application on the mobile phone will then scan. Validation is relatively safer because it involves three keys, a username, password, and single-use token, generated from a random unique code. Then, every data exchange between the application on the cellphone and the server key is encrypted using Sha-1.