A system and method is provided for creating and using strong passwords with high entropy. The system and method uses user generated questions and answers. To protect against an adversary from obtaining the questions and researching the answers, multiple levels of questions and answers are used. There are a first set of question(s) and a first set of answer(s) corresponding to the first set of questions as well as a second set of plurality of questions and a second set of plurality of answers corresponding to the second set of plurality of questions. The second set of plurality of answers is concatenated to form a single pass phrase. To enter the pass phrase at a client workstation, a user is presented with a plurality of entries for entering the second set of plurality of answers and an option to request a second set of plurality of questions. If the option to request a second set of questions is chosen, entry for entering a first set of answer(s) and an option for requesting a first set of question(s) are presented. If the option for requesting the first set of question(s) is chosen, the remote server returns the first set of question(s) after authentication. If the correct first set of answer(s) is entered immediately or entered after the first set of question(s) is displayed, the second set of plurality of questions is displayed.