A method and system for secure authentication of a user in a session conducted over an interactive communication channel, such as a two-way telephony communication channel, with an authenticating entity, such as a financial institution, utilizes a session identifier, such as pseudorandom noise, to detect and identify attempts to play back authentication information, such as user-spoken phrases, intercepted and recorded by an unauthorized party during a previous session between the user and the authenticating party.
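The following added example (not code from the patent or its authors) sketches one way a pseudorandom-noise session identifier can expose played-back audio: each session's noise is mixed into the channel, so a recording carries the identifier of the session it was captured in, and correlating later audio against earlier sessions' noise reveals the replay and which session it came from. The HMAC-derived sequence, the amplitude, the threshold, all function names and the Gaussian stand-in for speech are assumptions made for illustration.

```python
import hashlib
import hmac
import random

SERVER_KEY = b"constructed-demo-key"   # assumption: secret held by the authenticating entity
SAMPLES = 8000                         # assumption: one second of 8 kHz telephony audio
LEVEL = 0.2                            # assumption: noise amplitude relative to unit-variance speech


def pn_sequence(session_id, n=SAMPLES):
    """Per-session +/-1 pseudorandom sequence, derived from the session id with HMAC."""
    seed = hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).digest()
    rng = random.Random(seed)
    return [1 if rng.getrandbits(1) else -1 for _ in range(n)]


def mix_session_noise(audio, session_id, level=LEVEL):
    """What a recording made during this session captures: speech plus the session's noise."""
    return [a + level * p for a, p in zip(audio, pn_sequence(session_id, len(audio)))]


def correlate(audio, session_id):
    """Normalized correlation: about `level` if that session's noise is present, about 0 if not."""
    pn = pn_sequence(session_id, len(audio))
    return sum(a * p for a, p in zip(audio, pn)) / len(audio)


def replayed_sessions(received, earlier_session_ids, level=LEVEL):
    """Return the earlier sessions whose noise is found in the audio received now."""
    return [sid for sid in earlier_session_ids if correlate(received, sid) > level / 2]


def constructed_speech(seed, n=SAMPLES):
    """Constructed stand-in for a spoken phrase: unit-variance Gaussian samples."""
    rng = random.Random(seed)
    return [rng.gauss(0.0, 1.0) for _ in range(n)]


if __name__ == "__main__":
    phrase = constructed_speech(seed=1)
    recorded = mix_session_noise(phrase, "session-0001")   # captured during session 1
    live = mix_session_noise(constructed_speech(seed=2), "session-0002")
    earlier = ["session-0001"]
    print("live audio in session 2  ->", replayed_sessions(live, earlier))
    print("played-back recording    ->", replayed_sessions(recorded, earlier))
```

With one second of audio the correlation against an absent sequence has a standard deviation near 0.011, so the `level / 2` threshold separates the two cases by a wide margin; shorter windows or louder speech would need a longer sequence or a different threshold.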