Sequel - Detection of Fake Log-In Page
In my earlier post “Detection of Fake Log-In Page”, I wrote “show the user’s image ALONG WITH DOZENS OF OTHER IMAGES.”
Have you taken note of it? This element plays a crucial role in our scheme.
A would-be phisher can easily copy the log-in screen and show it to a target user whose User ID is known. But the phisher does not know which of the displayed images the user registered as the credential of the genuine log-in server, whereas both the user and the genuine log-in server know which one it is.
We ask the user to pick the registered image together with several other meaningless images, in a random sequence. The genuine log-in server will then know that the registered image is among the user's choices, while a fake log-in server will not, so the phishing process has to stop there. Copying the genuine log-in page thus gets the phisher nowhere.
After this screening of fake log-in servers, the user is asked to authenticate with a password, desirably through the Expanded Password System where it is available.
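The image-selection screening described above can be sketched from the genuine server's side as follows. This is an added example, not code from the original post; the image ids, grid size, number of picks, function names and the keyed derivation of the decoy set are all assumptions made for illustration.

```python
import hashlib
import hmac
import random
import secrets

# Constructed sample data: image ids, sizes and names are assumptions.
IMAGE_POOL = [f"img{n:02d}" for n in range(40)]
REGISTERED = {"alice": "img17"}      # image each user registered
SERVER_KEY = secrets.token_bytes(32)
GRID_SIZE = 24                       # "dozens" of images on screen
PICKS_REQUIRED = 4                   # registered image + 3 meaningless ones

def build_grid(user_id):
    """Images shown for a user ID, in random display order.
    Assumed design choice: decoys are derived from a server-side key,
    so the same user ID is always shown the same set of images."""
    registered = REGISTERED[user_id]
    seed = hmac.new(SERVER_KEY, user_id.encode(), hashlib.sha256).digest()
    others = [i for i in IMAGE_POOL if i != registered]
    grid = random.Random(seed).sample(others, GRID_SIZE - 1) + [registered]
    secrets.SystemRandom().shuffle(grid)
    return grid

def verify_selection(user_id, selection):
    """Genuine server's check: right number of distinct images from the
    grid, and the registered image is among them (position is ignored)."""
    registered = REGISTERED.get(user_id)
    if registered is None:
        return False
    if len(selection) != PICKS_REQUIRED or len(set(selection)) != PICKS_REQUIRED:
        return False
    if not set(selection) <= set(build_grid(user_id)):
        return False
    # Compare every pick so timing does not depend on where the match is.
    return any([hmac.compare_digest(s, registered) for s in selection])

def simulate_user(user_id, grid):
    """Legitimate user: registered image plus random decoys, shuffled."""
    registered = REGISTERED[user_id]
    rng = secrets.SystemRandom()
    picks = rng.sample([i for i in grid if i != registered], PICKS_REQUIRED - 1)
    picks.append(registered)
    rng.shuffle(picks)
    return picks
```

Only a server holding the `REGISTERED` mapping can evaluate `verify_selection`; a copied page receives the same four image ids but has no basis for telling the registered one from the three meaningless ones.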