Secure identification of a user in an electronic communications environment, wherein a host computer communicates with a plurality of electronic devices operated by the user. The user is issued a user code, known only to the user and stored in the host computer. User identification involves the host computer generating a pseudo-random security string and applying the user code to the pseudo-random security string to generate a transaction code. The host computer also transmits the pseudo-random security string to one of the electronic devices which displays the pseudo-random security string to the user. The user generates the transaction code by applying their known user code to the displayed pseudo-random security string. The user enerated transaction code is entered into an electronic device, then transmitted back to the host computer. Positive identification is achieved when the host computer determined transaction code matches the user generated transaction code.