The Arcot Advisor - Product News

Layered Protection Locks Out Hackers

Are your customers protected from phishing and Man-in-the-Middle attacks? If you’re using OTP tokens, you’re vulnerable.

Defining MITM attacks

Man-in-the-Middle attacks hit their stride in 2007. Most often appearing as a legitmate email sent to a bank’s customers, the email will attempt to fool the customer into logging into the bank’s Web portal and provide account and password information – however, the link provided is actually a false page that appears identical to the actual bank Web site. Once the customer enters his/her information, the criminal gains easy access into the bank account.

Unfortunately, because the criminal relays legitimate credentials of the fooled customer to the bank, many multi-factor authentication processes fail to catch the MITM attack. The table to the right highlights why, in specific, these security initiatives fail.

The solution: ArcotID

ArcotID, a secure software credential which provides strong, two-factor authentication, resides on the user’s desktop and contains the domain name of the organization that issued the ArcotID. When a user attempts to login to a portal with his username and password, the ArcotID compares the domain name of the site requesting authentication to the site that issued the ArcotID. If there is not a match, the ArcotID will not continue with the login and does not send the password information, thereby preventing MITM attacks.

As always, the process is seamless

The Arcot multi-factor authentication is invisible to end users, ensuring a customer-friendly experience. Best of all, there are no additional authentication steps for a user to take – all that is required is a username and password, the ArcotID protects users behind the scenes.

(If your operating system does not support using a Print button,
simply use your Web browser's "Print" command instead.)

©2007 Arcot All rights reserved.