Since authentication is the key to access control security in Internet access for every user, therefore, how to verify a user is who he claimed to be is a very important requirement in Internet security. In some situations, users need to be re-authenticated to make sure that they are still actively engaged in real time interaction. For instance, people will be notified to dial to a specific server phone number to reconfirm his identity again before re-login using their account ID and passwords pairs. This approach has been adopted by many online game servers. In this paper, we proposed a novel approach for re-authentication protocol using personalized information with CAPTCHA.