To authenticate an Internet web site, the web site is verified each time it is accessed by a user browser (12). On receipt of a page request, the web site generates a web page into which is embedded a URL site address or other unique identifier. A cookie, link to an image or java applet or similar, for execution of the verification process may also be embedded or may be resident on the user browser. At the user, the browser instantiates the cookie, link to image or applet and extracts the URL site address or unique identifier which is sent, together with user ID to a verification server (16). The server performs comparison, comparing the URL address or unique identifier with a record of the correct identifier and/or URL address. Based on the comparison, an approval status is generated and sent back to the browser. This is displayed as a graphic in the browser or in any other way. The graphic includes an animated portion to increase security. The graphic also includes a user generated code or challenge which is stored on the verification server and which is sent back to the user upon successful authentication.