A network user is authenticated to another network entity by using a first program to receive user input validation information, and store a user credential. A second program receives information, such as a random number, from the other entity. The first program receives an input transferring the information to it, transmits the information to the authentication server, and receives an identifier of the other entity, other information, and authentication policy requirements from the authentication server. It then transmits the input validation information corresponding to the received authentication policy requirements to the authentication server, and in response receives a request for a user credential. It signs a message, including the transferred information and the received other information, with the stored user credential, and transmits the signed message to the authentication server to authenticate the user.