Is digital watermarking still a reliable method of consumer authentication?
Digital watermarking is an older method used in consumer online authentication that is now somewhat deprecated, even though a lot of sites still use it. It was, or is, often used in conjunction with device identification. Once the Web site determines that your PC is the one it was expecting you to use, it displays a series of pictures and ask you to indicate the one you have previously selected. The aim is both to authenticate you and to let the target Web site prove that you are not being phished. However, digital watermarking is still subject to a man-in-the-middle attack, i.e., a fraudster could put a proxy site between you and the real Web site of your financial institution. In that case the man-in-the-middle would capture the images sent down from your banks site, observe which one you selected, and send that back to your bank. Neither you nor your bank would know the difference. Q: Does password hardening or even full-blown device-based multifactor authentication eliminate the ne