A method of in-line sign in that allows a user to sign into a first server
based on a sign-in methodology of a second server is disclosed. The
method uses, among other things, a nonce and approved URL list to prevent
spoofing and replay attack. Additionally, the method allows error
messages that occur during the authentication process to be displayed to
the user having the look and feel of the first server, despite using the
authentication process of the second server. A method of dual or
distributed authentication is also disclosed wherein the user need only
to input the login id and password once and wherein the two
authentication processes need not exchange the user's password.