Preventing replay attacks without user involvement. A method according to one embodiment of the invention includes recording a serial number that was verified following a previous request to access a resource, and later receiving a request to access the resource. A serial number is acquired from the source of the request and then updated by increasing its value. The updated serial number is verified by comparing it with the recorded serial number, and access to the resource is granted only if the value of the updated serial number exceeds the value of the recorded serial number.