Provided are a method and system for preventing personal information of a user using server registration information and an authentication system connected to the Internet. The method includes collecting information regarding servers which provide an Internet service; classifying the safety of sites using the servers based on the information; and providing site information containing the information regarding the servers at the request of a client which tries to access the servers. In the method, addresses of servers of major organizations connected to a network are registered in advance. Therefore, when a terminal of a user tries to access an external site through the network, it is possible to identify which organization has actually registered an address of the site and determine whether the site is a harmful site. If the site is determined to be harmful, the access to the site is blocked, thereby preventing the damages of phishing.