Abstract: A method of verifying the identity of a user comprising: initiating (50) a sign-in request from a first computing device to an authentication server; receiving (58) an instruction from the authentication server to provide signature data from a second computing device; entering (64) signature data at the second computing device and sending the signature data to the authentication server; verifying (65) the signature data at the authentication server; notifying (66) the user that their identity has been verified on the basis of the data received from the second computing device.