The present invention provides a system and method for establishing security credentials for using an Internet or other network application requiring user authentication. In an exemplary embodiment, a user electronic device may connect to an application server to initiate use of the application. The application server may respond by transmitting to the user electronic device session identification information (a Session ID). The user electronic device may then transmit an SMS message containing the Session ID back to the application server, which permits the application server to link to the user electronic device. The application server may generate for the user encrypted security credentials and transmit an encryption key for them to the user electronic device in a response SMS message. In a separate message, the security credentials are transmitted to the user. In this manner, only the legitimate user electronic device has both the encryption key and the encrypted security credentials. The user electronic device may then decrypt the security credentials using the encryption key, and use the security credentials to access the network application.