Internet applications and services have permeated our lives in many aspects. Typical internet activities include email, internet surfing, cloud storage, social network, electronic transaction, on-line shopping, etc. As more attention is taken from the real-world to the virtual world interactions, crimes and malicious actions have also grown in a rapid pace. In order to continuously develop internet services without compromising the security, many approaches have been proposed. Among others, passwords are commonly used nowadays. FIG. 1 is a schematic diagram of a client-server system 100 in prior art. Referring to FIG. 1, client A may interact with server_1 to server_n of different internet websites, using different sets of IDs and passwords, ID_1 associated with psw_n to ID_n associated with psw_n, respectively. However, setting different passwords for different websites may still run the risk of cyber crimes such as computer virus attack, data hacking and internet fraud by a malicious client B. It is desirable to have a method and system that can improve the existing password-based security mechanism.