Systems and methods for anti-phishing include determining that a user interface corresponding to a current web address has authentication input fields. A current hash value is generated based on a subset of a plurality of input characters that have been input into an authentication input field. The current hash value is compared to mapped hash values. If the current hash value matches one or more of the mapped hash values, a web address mapped to the matched, mapped hash value is identified. The mapped web address is compared to the current web address to determine whether they match. An alert is displayed in response to determining whether there is a match between the current web address and the mapped web address.