
Product News

What Security Problems Does AutoPassword Solve?

AutoPassword solves the phishing and pharming attack problem for all online services and eliminates the vulnerability of 2FA/MFA and password managers based on one-way authentication.

The most common way users' credentials are stolen is through phishing and pharming attacks. AutoPassword is presented by the online service to the user first. Therefore, there’s no chance for a hacker to steal the user's credentials on the user's terminal. Also, there's no possibility of falling victim to a pharming attack because the user can verify the authenticity of the online service first, with their mobile device.

It also solves the vulnerability issues of existing 2FA/MFA and password managers. All existing kinds of user authentication technologies work based on one-way user authentication, with the assumption that services are always genuine. Because of that, they are vulnerable when the user's terminal is connected to a fake online service. They cannot tell the difference when the fake online service accepts the user's credentials and shows screens with the same design. If a password manager is used on a fake website, it still automatically fills the password into the password field without checking the authenticity of the online service first. Even 2FA or MFA cannot help when the user's terminal is connected to a fake online service if attackers are performing a phishing and pharming attack.

Strictly speaking, only AutoPassword is a mutual authenticator that makes users verify the authenticity of the online service first, then allows the online service to verify the authenticity of the user. It adds an extra layer of service authentication on top of existing user authentication such as OTP, PKI and biometrics.

Compared to other existing mutual authentication technologies, such as Kerberos and PKI, AutoPassword makes a user verify the authenticity of an online service with their own eyes, whereas existing authentication technologies don’t let the user authenticate the online service at all; they just run internally between the client’s machine and the server’s machine by typing a user ID and password.

Even if existing mutual authentication technologies are being used, if a user can’t check the authenticity of an online service first, then the user can still fall victim to a fake service. In fact, some technologies that claim to use mutual authentication were not even developed for that purpose; instead, they were made to prevent eavesdropping and replay attacks, not for the user to verify the authenticity of online services.

Only AutoPassword completely protects users from phishing and pharming attacks, as a mutual two-factor authenticator and multi-factor authenticator.