A software-based method and system providing secure and robust multifactor
authentication of internet users using at least one factor each of 1)
Something you know; 2) Something you have; and 3) Something you are (a
physical characteristic of the user or his/her computer/device). This
method of authenticating the identity of a user to determine access to a
host includes providing an encrypted key string based on one or more
static and dynamic factors corresponding to the data instances of a user or
his/her computer/device, one or more static and dynamic factors
corresponding to the data instances of the host, and user input factors;
evaluating the factor-based data instances to determine if the user's
identity is authenticated; and granting or restricting the user's access
to the host based on authentication results. The provider generates a key
string based on the inputs gathered/provided, time stamps the key,
encrypts the key and sends it to the host. The host in turn decrypts the
key string, evaluates the static factors against its database, and
evaluates the dynamic factors based on pre-defined logic. The user is
successfully authenticated if all validations are positive. Based on the
authentication results, the user is granted or restricted access to the
host resources. This method and system significantly reduce the chances
of identity theft occurring from phishing, pharming, man-in-the-middle theft,
spyware, and keystroke loggers in everyday consumer e-commerce by
deploying multifactor authentication based on static and dynamic factors
stored/generated at multiple places, key encryption, key time stamping,
and elimination of keystrokes.
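
The host-side evaluation described above, as an added example that is not taken from the original text: static factors are checked against the host database and dynamic factors against pre-defined logic. It assumes the key string has already been decrypted into a dict; the field names, the PBKDF2 storage of the PIN, the 60-second freshness window and the nonce-based replay guard are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

MAX_AGE = 60    # assumed: seconds a time-stamped key string stays valid
MAX_SKEW = 5    # assumed: tolerated clock skew for future-dated stamps
SALT = b"constructed-salt"  # constructed sample value

def hash_pin(pin, salt):
    """Derive the stored form of the 'something you know' factor."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

# Constructed host database: static factors enrolled per user.
HOST_DB = {
    "alice": {"salt": SALT, "pin_hash": hash_pin("4821", SALT),
              "device_id": "dev-7f3a"},
}
_seen = set()  # (user, ts, nonce) tuples already accepted once

def evaluate(key, now=None):
    """Host side: validate an already-decrypted key string (dict of factors)."""
    now = time.time() if now is None else now
    user = str(key.get("user", ""))
    record = HOST_DB.get(user)
    if record is None:
        return False
    # Static factors: constant-time comparison against the host database.
    pin_ok = hmac.compare_digest(
        hash_pin(str(key.get("pin", "")), record["salt"]), record["pin_hash"])
    dev_ok = hmac.compare_digest(
        str(key.get("device_id", "")).encode(), record["device_id"].encode())
    # Dynamic factor: the time stamp must be fresh and not from the future.
    ts = key.get("ts")
    fresh = isinstance(ts, (int, float)) and -MAX_SKEW <= now - ts <= MAX_AGE
    # Dynamic factor: a given key string is accepted only once (replay guard).
    token = (user, ts, str(key.get("nonce", "")))
    if not (pin_ok and dev_ok and fresh) or token in _seen:
        return False
    _seen.add(token)
    return True
```

A captured key string that is replayed inside the freshness window is rejected by the replay guard, and one replayed after the window is rejected by the time stamp check.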