Abstract: Bootstrapping a trusted cryptographic certificate or other credentials into a client web browser application can be used to provide protection against “phishing” and “man-in-the-middle” attacks made over a computer network. Verification credentials are provided to users who connect directly to an authentication server and provide sufficient authentication information. The authentication server can rely upon the use of private URLs associated with each user as part of the verification process and can reject users who connect by clicking on a hyperlink directed to the authentication server.