With the rapid development of science and technology, more and more services can be provided to people. In order to effectively and securely utilize a corresponding service, a user is usually required to log onto a relevant server, and be authenticated by the server. After the user passes the authentication, normal login of the user can be realized, and the user can utilize the corresponding service. Among the current methods for login authentication, one of the methods is: receiving input of a user's a username and password through a computer used by the user; and at the same time, receiving input of an authentication code; and sending the inputted username, password, and authentication code to a service-providing system server to authenticate the user's identity. In such an application method, if the user's computer has been invaded by a virus or a Trojan program, and the virus or Trojan program performs key logging on the user's computer, when the user inputs the username, password, authentication code and so on, the username and password of the user will be acquired easily by the virus and Trojan program. Thus security cannot be assured. Even if various security means are employed to strengthen the security of the user's computer, the environment in which the user inputs the username and password is the same computer device as the virus or Trojan program. Since the viruses or Trojan programs are also upgrading all the time, theoretically, it is still possible that security means may be cracked by a virus or Trojan program at a higher technology level, and the username and password of the user be finally obtained by the virus or Trojan program, leading compromised security.