Disclosed is a system and method for accessing password-protected Web sites through Web browsers without manually supplying username and password by users. A browser maintains, for each user, one user security profile which stores the URLs and the corresponding login username and password. When the browser receives a username-password challenge from a Web server, instead of immediately prompting the user for such information, the browser first searches the user security profile for the URL the challenge is received from. If a match is found, the browser sends the challenging Web server the username and password that is associated with the matched URL. Thus the user does not have to manually supply the username and password once the triple of (URL, username, password) is stored in the user security profile. This feature is especially valuable for users of voice browsers and phone browsers.