Access to an authentication image may be protected so that only authenticated processes have access to the image. The image can be displayed to authenticate a User Interface (UI) to a computer user. The image indicates the UI can be trusted. If the image is not displayed, it may be that an application UI is "spoofed" to trick a user into providing sensitive information. Additionally, a large variety of different images can be used as authentication images, so spoofing one image be recognized by most users. A set of original images may be provided, along with image modification processes which can generate a large number of variations. Techniques for authenticating UIs in a virtual machine context are provided. A secure attention sequence is also provided, which allows users to test whether processes running on a computer are authenticated.