Web authentication that is both secure and usable remains a challenge. Passwords are vulnerable to phishing attacks, while physical tokens face deployment obstacles. The authors propose to leverage the authentication infrastructure of cellular networks to enhance web authentication. They design WebCallerID, a web authentication scheme that uses cell phones as physical tokens and uses cellular networks as trusted identity providers. Since WebCallerID requires no user participation during authentication, it prevents security mistakes by users. WebCallerID also prevents rogue websites from replaying authentication assertions or stealing users' identities.