How does SolidPass™ guard against Phishing Attacks?
A phishing attack occurs when the user (or the user’s computer) is tricked into thinking it is accessing the real web site, and enters credentials such as user name and password into a malicious web site. Using this technique, the attacker may get the login data to the online banking system. However, modified parameters or stolen credentials are useless with the use of the SolidPass™ System since the additional knowledge of the private data stored on the phone is required. There is a counter whose value is shared by the mobile phone application and the server. The challenge contains a cryptographically strong checksum which must match the counter value on the mobile phone within the given window. If the user is lured to a bogus web site, the counter value on the site will be out of sync with that of the mobile phone causing the attempt to fail.
