A computer-readable medium embodies a computer program for authenticating a user. The computer program comprises computer-readable program code for: generating a first message including an identifier for a session, sending the first message through an interface associated with the session, receiving a response message including the identifier for the session, a user identifier, and at least a portion encrypted using a private key associated with a mobile device associated with the user, and authenticating the user in response to identifying that the response message includes at least the portion encrypted using the private key associated with the mobile device.