A counter challenge authentication method is presented for authentication of online users of web applications. The authentication method involves a counter challenge from a user to a web application
asking to provide certain information from one or more user details recorded at the time of registration. The user enters his password and logs into the web application only in case the correct answer is
received from the web application. This advanced authentication method protects online application
users from phishing attacks. An incorrect answer or inability of the web application to provide the
correct answer to the challenge is a clear indication of a phishing attack, thereby alerting the user and
stopping submission of password to phishers. The authentication method is computer independent and
eliminates dependency on two-factor authentication, hardware tokens, client software installations,
digital certificates, and user defined seals.