System, method and computer program for authenticating a user of a client computer to a remote server computer. A client computer initially sends a userID but not a password of the user to the remote server computer. In response to the userID, the server computer determines a subsequent time window during which the server computer will consider for authentication submission of a combination of the userID and a password. The server computer notifies the client computer of the time window. After receipt of the notification from the server computer, during the time window, the client computer sends the userID and a corresponding password to the server computer. In response to receipt of the userID and the corresponding password from the client computer, the server computer determines if the combination of the userID and the corresponding password is valid. If the combination of the userID and the corresponding password is valid, the server computer notifies the client computer that the combination of the userID and the corresponding password is valid. In response, the client computer establishes a session with the server computer and accesses a resource requiring a valid combination of userID and password to access. The server computer ignores combinations of userIDs and passwords submitted before or after the time window.