Mutual authentication means that both parties require proof of identity from each other before conducting business. In an e-Commerce transaction, for example, both the client browser and the web site would prove their identity to the other party when the browser connects.
In the current secure Internet environment, using SSL, it is common for only the web server to present a certificate that binds its identity to the conversation. When everything works properly, this is handled between the browser and the server, transparently to the browser user. When there are problems, naive users may click past error messages and continue working in an insecure web environment. Mutual authentication would provide more controls, including authentication of the browser client to the server.
Mutual authentication will not only prevent hijacking and man-in-the-middle attacks but may also prevent phishing attempts, and other forms of Internet fraud, from succeeding.
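The following is an added example, not code from the original page, showing the difference between the one-way server authentication described above and mutual authentication in TLS. It uses only the Go standard library: a throwaway CA, a server certificate and a client certificate are all generated in memory (the names "Example Demo CA", "demo-server" and "alice", and the loopback address, are constructed for the example). The server is configured with `tls.RequireAndVerifyClientCert`, so a client that verifies the server but presents nothing about itself is rejected, while a client holding a CA-issued certificate is admitted and its authenticated name is visible to the request handler.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"net/http"
	"time"
)

// must turns setup errors into panics: in this demo a failure here means the
// environment is broken, not that the protocol rejected something.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCA creates a self-signed certificate authority for this example only
// (constructed in memory, not a real CA) that both sides will trust.
func newCA() (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Demo CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der)), key
}

// issue signs a leaf certificate for cn with the CA. The ExtKeyUsage value
// separates "may act as a server" from "may act as a client"; Go's verifier
// enforces it on whichever side is checking the peer.
func issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, serial int64, cn string, usage x509.ExtKeyUsage) tls.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{usage},
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1")}, // SAN the client checks
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// Testbed holds a running mutual-TLS server plus the material a client needs.
type Testbed struct {
	URL        string
	pool       *x509.CertPool
	clientCert tls.Certificate
	server     *http.Server
}

// StartMutualTLSServer brings up an HTTPS server on a loopback port that
// refuses any handshake in which the client does not present a certificate
// chaining to the demo CA.
func StartMutualTLSServer() *Testbed {
	ca, caKey := newCA()
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	serverCert := issue(ca, caKey, 2, "demo-server", x509.ExtKeyUsageServerAuth)
	clientCert := issue(ca, caKey, 3, "alice", x509.ExtKeyUsageClientAuth)

	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// The client certificate was already validated against the CA pool
		// during the handshake, so this name is an authenticated identity.
		fmt.Fprintf(w, "hello %s", r.TLS.PeerCertificates[0].Subject.CommonName)
	})
	srv := &http.Server{
		Handler: handler,
		TLSConfig: &tls.Config{
			Certificates: []tls.Certificate{serverCert},
			ClientAuth:   tls.RequireAndVerifyClientCert, // the "mutual" part
			ClientCAs:    pool,
			MinVersion:   tls.VersionTLS12,
		},
	}
	ln := must(net.Listen("tcp", "127.0.0.1:0"))
	go srv.ServeTLS(ln, "", "") // empty file names: use TLSConfig.Certificates
	return &Testbed{URL: "https://" + ln.Addr().String(), pool: pool, clientCert: clientCert, server: srv}
}

// Call makes one request. withCert=false models today's ordinary one-way TLS
// client: it verifies the server but proves nothing about itself.
func (tb *Testbed) Call(withCert bool) (string, error) {
	cfg := &tls.Config{RootCAs: tb.pool, MinVersion: tls.VersionTLS12}
	if withCert {
		cfg.Certificates = []tls.Certificate{tb.clientCert}
	}
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
	resp, err := client.Get(tb.URL + "/")
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

// Close shuts the demo server down.
func (tb *Testbed) Close() { tb.server.Close() }

func main() {
	tb := StartMutualTLSServer()
	defer tb.Close()
	body, err := tb.Call(true)
	fmt.Printf("with client cert:    %q err=%v\n", body, err)
	body, err = tb.Call(false)
	fmt.Printf("without client cert: %q err=%v\n", body, err)
}
```

The two `Call` invocations are the point of the example: with a certificate the handler greets the authenticated "alice"; without one the connection fails before any application data is served, which is the control the text describes as missing from server-only SSL. The CA pool here is built in memory for the demo; in a real deployment `ClientCAs` would be loaded from the organization's own PKI and the same pool would be what decides which browsers or services are admitted.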