Counter Challenge Authentication Method: A Defeating Solution to Phishing Attacks

Abstract

A counter challenge authentication method is presented for authentication of online users of web applications. The authentication method involves a counter challenge from a user to a web application asking to provide certain information from one or more user details recorded at the time of registration. The user enters his password and logs into the web application only in case the correct answer is received from the web application. This advanced authentication method protects online application users from phishing attacks. An incorrect answer or inability of the web application to provide the correct answer to the challenge is a clear indication of a phishing attack, thereby alerting the user and stopping submission of password to phishers. The authentication method is computer independent and eliminates dependency on two-factor authentication, hardware tokens, client software installations, digital certificates, and user defined seals.