System, method and computer program for authenticating a user of a client
computer to a remote server computer. A client computer initially sends a
userID but not a password of the user to the remote server computer. In
response to the userID, the server computer determines a subsequent time
window during which the server computer will consider for authentication
submission of a combination of the userID and a password. The server
computer notifies the client computer of the time window. After receipt
of the notification from the server computer, during the time window, the
client computer sends the userID and a corresponding password to the
server computer. In response to receipt of the userID and the
corresponding password from the client computer, the server computer
determines if the combination of the userID and the corresponding
password is valid. If the combination of the userID and the corresponding
password is valid, the server computer notifies the client computer that
the combination of the userID and the corresponding password is valid. In
response, the client computer establishes a session with the server
computer and accesses a resource requiring a valid combination of userID
and password to access. The server computer ignores combinations of
userIDs and passwords submitted before or after the time window.