Although using both user name and password is predominantly the main solution for online authentication, it has several drawbacks such as user necessity to memorize different complex passwords, the need to renew password periodically, and the possibility of being victim of spear phishing or social engineering. Most importantly, many users end up saving their passwords in plain text file that could potentially be exploited. In this paper we propose a new method for web applications to enhance user authentication that is less dependent on end users' memory of passwords. Our approach is to split the login process into two phases, identification phase and authentication phase. Both phases will depend mainly on multiple counts of random numbers to identify and authenticate the user. In this paper, we discussed our proposed method in section III. Section IV detailed our experiment and also analyzed the effectiveness of the proposed method based on the simulation of a hypothesized corporate environment in section V.