The present invention enables secure transactions or access using insecure endpoint devices, such as computers, tablets and smart-phones. These insecure devices are potentially compromised with malicious software that may attack the user in every possible way. The present invention does not pretend to prevent malware. Instead, malware attacks against secure transactions and access are made obsolete. The present invention includes data, directly connected to transaction or access request to Relying-Party-Service-Provider, into authentication process of Identity-as-a-Service Provider. The present invention includes user authentication using mobile phone vs. Identity-Management-as-a-Service provider. The present invention also includes entering request for secure transaction or access to Relying-Party-Service-Provider, using insecure device. The present invention also includes two-way communication between Relying-Party-Service-Provider and Identity-Management-as-a-Service. The advantages of the present invention include, without limitation, that it is resilient to malware attack.