Phishing is a type of Internet fraud that uses deceptive websites to trick users into revealing sensitive information. Despite the availability of numerous tools designed to detect phishing, it remains a steadily growing threat. The failure of current anti-phishing solutions is largely due to their focus on detecting phishing rather than addressing phishing's root cause: insecure web authentication.

Using a combination of the zero-knowledge mechanism and two-factor authentication I present ZeKo, an authentication mechanism that is immune from phishing attacks, cryptanalysis and man-in-the-middle attacks. ZeKo takes into account the psychological behavior of users and remains secure even when the user is deceived. The proposed system not only prevents phishing attacks but also has considerable benefits over traditional authentication mechanisms, making it well suited for a wide range of applications.