A method and system for secure identification of a person in an electronic communications environment, wherein a host computer is adapted to be able to communicate with a specific electronic communications device operated by the person. The person is issued with a mask code, known only to the person and stored in the host computer, but never transmitted electronically there between. When the person is required to identify him- or herself to the host computer, the host computer transmits a pseudo-random string to the specific electronic communications device, whereupon the mask code must be applied to the pseudo-random string according to predetermined rules so as to generate a volatile identification code which is then transmitted back to the host computer. Positive identification is achieved when the volatile identification code matches a volatile identification code generated within the host computer by applying the mask code stored therein to the pseudo-random string. In this way, a person's mask code is never transmitted electronically and is therefore relatively safe from interception, and the volatile identification code will be different for each different pseudo-random string, thus making a fraudulently intercepted communication meaningless.