The present disclosure provides a computer-implemented method, computer system and computer program product for user authentication. According to the method, identity information can be received from a user, and a plurality of questions can be presented to the user, the plurality of questions comprising one or more valid questions generated based on a password related to the identity information and one or more invalid questions. Then, an input can be received from the user, and in response to the input corresponding to the one or more valid questions, the user can be authenticated based on the input.