Dual Authentication Tapped in Phish Fight


Researchers at Carnegie Mellon University have built a tool that protects users from phishing attacks even if they take the bait.

The Phoolproof Phishing Prevention tool provides two-way authentication between the user and the Web server via the user's mobile device: a cell phone or PDA, for instance. The Java-based tool operates atop SSL and uses a key pair that authenticates the user and the Websites visited.

That way, even if a user mistakenly tries to go to a phishing site posing as his bank, for example, the tool will prevent him from accessing it. And he won't be able to inadvertently give away or compromise his credentials, which are stored in the mobile device. The mobile device talks to the user's Web browser and only shows its authentication key to a legitimate Website.

Dark Reading - Desktop Security - Dual Authentication Tapped in Phish Fight - Security News Analysis

Linked by shanmuga Wednesday, 6th September 2006 10:26PM
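
An added example, not code from the article or from the Carnegie Mellon tool: a sketch of the device-side rule the article describes, where the phone answers a login challenge only for the server key it saw at enrollment, so a look-alike site gets nothing to replay. The `Device` class, the enrollment step and the sample keys are assumptions, and HMAC with a per-site secret stands in for the key-pair operation because Python's standard library has no public-key signing.

```python
import hashlib
import hmac
import os

def fingerprint(server_pubkey: bytes) -> str:
    """SHA-256 fingerprint of the public key the server presented over SSL."""
    return hashlib.sha256(server_pubkey).hexdigest()

class Device:
    """Hypothetical phone-side store: one secret per enrolled site key."""
    def __init__(self):
        self._accounts = {}  # fingerprint -> per-site secret

    def enroll(self, server_pubkey: bytes) -> bytes:
        """One-time setup with the real site; returns the secret the site keeps."""
        secret = os.urandom(32)
        self._accounts[fingerprint(server_pubkey)] = secret
        return secret

    def respond(self, server_pubkey: bytes, challenge: bytes):
        """Answer a login challenge only for a key seen at enrollment."""
        secret = self._accounts.get(fingerprint(server_pubkey))
        if secret is None:
            return None  # unknown key: phishing or unenrolled site gets nothing
        # Bind the response to this server key and this challenge.
        # HMAC is a stdlib stand-in for the key-pair operation (assumption).
        return hmac.new(secret, server_pubkey + challenge, hashlib.sha256).digest()

def site_verifies(secret, server_pubkey, challenge, response) -> bool:
    """Server side: accept the login only if the device's response checks out."""
    if response is None:
        return False
    expected = hmac.new(secret, server_pubkey + challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)

def demo():
    # Constructed sample keys; real ones would come from the SSL handshake.
    bank_key = b"constructed-public-key-of-bank.example"
    phish_key = b"constructed-public-key-of-lookalike.example"
    device = Device()
    bank_secret = device.enroll(bank_key)
    challenge = os.urandom(16)
    good = device.respond(bank_key, challenge)   # enrolled key: device answers
    bad = device.respond(phish_key, challenge)   # different key: device refuses
    return site_verifies(bank_secret, bank_key, challenge, good), bad

if __name__ == "__main__":
    print(demo())
```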