Handover security and efficiency have become more and more important in modern wireless network designs. In this paper, we propose a new protocol using the one-time key for user authentication. The proposed protocol can support both intra-domain and inter-domain authentications efficiently. Our protocol requires five messages for intra-domain initial authentication; three for subsequent authentication; and five for handover authentication. No authentication server is needed during handover, and our design reduces the computing load on the authentication server. We show an integration and implementation of EAP from 802.1X and our protocol, giving an easy way to apply our protocol on existing 802.11 wireless networks. The proposed protocol is realized and verified on the SWOON secure wireless testbed.