The present disclosure generally provides a method and system for roaming website account and password. The method is operational on a first client and includes: authenticating website accounts and passwords that have been stored; obtaining the stored website addresses, accounts and passwords according to a success authentication; encrypting the stored website addresses, accounts and passwords for generating encrypted information, and generating a first QR code to be obtained by a second client according to the encrypted information. The website accounts and passwords are roamed and synchronized to be shared. The synchronization process authenticates the accounts and passwords, and would not need a third-party server. Risk of data lost in case that the third-party server is attacked would be eliminated, and the safety for the accounts and passwords is improved.