5. An application incorporates an anti-phishing mechanism into its login
functionality. During registration, each user selects a specific image
from a large bank of memorable images presented to them by the
application. The login function involves the following steps:
(a) The user enters their username and date of birth.
(b) If these details are correct, the application displays to the user their
chosen image; otherwise, a random image is displayed.
(c) The user verifies that the correct image is displayed, and if so, enters
their password.
The idea behind the anti-phishing mechanism is that it enables the user
to confirm that they are dealing with the authentic application, and not
a clone, because only the real application knows the correct image to
display to the user.
What vulnerability does the anti-phishing mechanism introduce into
the login function? Is the mechanism effective in preventing phishing?