The invention relates to a method for authenticating a user of a mobile device (10) against a remote authenticating system (30) which is connected to a client computer accessible to said user, which comprises:
i—reading a 2D-code displayed on the client computer (40) by means of a 2D-code reader provided in said mobile device, a URL address of the authenticating system and a codified challenge generated by the authenticating system being embedded in said 2D-code;
ii—processing said codified challenge and computing a response to it using a personal secret, which is a string of characters univocally related to a user identifier (user ID) of said user of the mobile device and to a time stamp;
iii—sending a message to the authenticating system which includes a tuple (100) whose elements are said user ID, the challenge and its response;
iv—analyzing the tuple elements and determining the tuple is valid if the response to the challenge has been generated using the personal secret of the user whose user identifier is in the tuple for a given period of time, and in case said tuple is valid:
v—checking in a users list (300) in the authenticating system if the user identifier in the tuple is in said users list, and if the user identifier is in the users list, it is verified if the challenge in the tuple is in a session list in the authenticating system, and if the challenge is in the session list, the authenticating system pushes a welcome screen to the client computer that corresponds to a session identification number in the session list where the challenge is.
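The following simulation of steps i to v is an added example, not code from the patent. It assumes the personal secret is an HMAC over a per-user device key and a time-stamp window, that the response is an HMAC of the challenge under that secret, and that the URL, master key and 300-second period are constructed placeholder values.

```python
import hashlib
import hmac
import secrets

# Constructed values for the simulation; none of them come from the patent.
SERVER_URL = "https://auth.example.test/login"  # placeholder URL of the authenticating system
MASTER_KEY = b"constructed-master-key"          # assumption: server-side root key
PERIOD = 300                                     # assumption: secret valid for a 300 s window

def device_key(user_id):
    """Assumption: long-term per-user key provisioned to the mobile at enrollment."""
    return hmac.new(MASTER_KEY, user_id.encode(), hashlib.sha256).digest()

def personal_secret(dev_key, ts):
    """Personal secret tied to the user (via dev_key) and to a time-stamp window (step ii)."""
    return hmac.new(dev_key, str(int(ts // PERIOD)).encode(), hashlib.sha256).hexdigest()

def compute_response(secret, challenge):
    """Response to the codified challenge (step ii); assumed here to be an HMAC."""
    return hmac.new(secret.encode(), challenge.encode(), hashlib.sha256).hexdigest()

class AuthenticatingSystem:
    def __init__(self, users):
        self.users = set(users)   # users list (300)
        self.sessions = {}        # session list: challenge -> session identification number
        self.next_id = 1

    def login_screen(self):
        """Creates a session and the 2D-code payload shown on the client computer (step i)."""
        challenge = secrets.token_hex(16)
        self.sessions[challenge] = self.next_id
        self.next_id += 1
        return f"{SERVER_URL}?c={challenge}"

    def verify(self, tup, now):
        """Steps iv and v; returns the session id that receives the welcome screen, or None."""
        user_id, challenge, response = tup
        # Step iv: the response must come from the user's secret for the current window;
        # the previous window is also accepted to absorb small clock differences.
        valid = any(
            hmac.compare_digest(
                compute_response(personal_secret(device_key(user_id), t), challenge), response)
            for t in (now, now - PERIOD))
        if not valid or user_id not in self.users:   # step iv, then the users list check (step v)
            return None
        return self.sessions.pop(challenge, None)    # session list lookup; challenge is single-use

def mobile_scan_and_respond(payload, user_id, dev_key, now):
    """Steps i to iii on the mobile device: parse the 2D-code, compute the response, build tuple (100)."""
    url, challenge = payload.split("?c=", 1)
    response = compute_response(personal_secret(dev_key, now), challenge)
    return url, (user_id, challenge, response)
```

Replaying a used tuple, presenting an unknown user ID, or answering with a secret from an expired window are all rejected before any welcome screen is pushed.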
The invention also relates to a system for authenticating a user of a mobile device.