Citation: RSA Security. Enhancing One-Time Passwords for Protection against Real-Time Phishing Attacks. Technology backgrounder, January 16, 2006.
Abstract: Phishing attacks are stealing consumer identities and creating major burdens on e-businesses. While one-time passwords deter offline phishing, by themselves they may not defend consumers and ebusinesses against real-time "man-in-the-middle" phishing attacks. This whitepaper provides an overview of a unique anti-phishing research concept being explored at RSA Security. It demonstrates how a simple change in the authentication interface can significantly improve protection against phishing and other possible online attacks. The paper shows how password hashing can be utilized within a new Password Protection Module to systematically protect against phishing of passwords, and puts forth a proposed solution.
Disclaimer: RSA Security has a pending patent application that may be relevant to the techniques described in this paper. For further information, please contact RSA Security’s Legal Department at +1 (781) 515-5000.