Quantum Key Distribution (QKD - also referred to as Quantum Cryptography) is a technique for secret key agreement. It has been shown that QKD rigged with Information-Theoretic Secure (ITS) authentication (using secret key) of the classical messages transmitted during the key distribution protocol is also ITS. Note, QKD without any authentication can trivially be broken by man-in-the-middle attacks. Here, we study an authentication method that was originally proposed because of its low key consumption; a two-step authentication that uses a publicly known hash function, followed by a secret strongly universal2 hash function, which is exchanged each round. This two-step authentication is not information-theoretically secure but it was argued that nevertheless it does not compromise the security of QKD. In the current contribution we study intrinsic weaknesses of this approach under the common assumption that the QKD adversary has access to unlimited resources including quantum memories. We consider one implementation of Quantum Cryptographic protocols that use such authentication and demonstrate an attack that fully extract the secret key. Even including the final key from the protocol in the authentication does not rule out the possibility of these attacks. To rectify the situation, we propose a countermeasure that, while not informationtheoretically secure, restores the need for very large computing power for the attack to work. Finally, we specify conditions that must be satisfied by the two-step authentication in order to restore informationtheoretic security.