Great risk of online identity authentication technology based on password exists in the prior art. Password of a user can be obtained by guessing and technology such as stealing credit certificate online, network phishing, etc. If the length of a password used by a user is relatively short, or the password is a weak password which can be cracked easily, the user will be vulnerable to attacks, leading to personal information breach and even property damage. In traditional identity authentication methods, a client needs to send a password to a password library of a remote server for verification, which has the risk of being intercepted and cracked. In addition, the passwords are stored in the same remote server, hence a compromised super administrator account can leak out passwords of all users stored in the remote server.