The uses of internet in online communication have been increased and the threats against the internet security also increased. Here we discuss how to prevent user's passwords from being stolen by adversaries in online environments. The virtual password mechanism prevents user's passwords from being stolen by adversaries. Here propose a virtual password concept involving a small amount of human computing to secure user's passwords in online environments with the freedom to choose a virtual password scheme ranging from weak security to strong security. However, there is trade-off between simplicity and security conflict with each other and it is difficult to achieve both. Further propose several system recommended functions that provide a security and analyse how the proposed schemes defend against phishing, keylogger, shoulder surfing attacks, and multiple attacks. In user-specified functions, we adopt secret little functions in which security is enhanced by hiding secret functions.