Increasing security by using a wrong password

Auteur
Heini Withagen
Datum

We all receive phishing Email regularly. Some of them are becoming quite smart and even as a seasoned professional in the IT industry, they could almost make you believe you are dealing with a genuine message from your bank.

In the case of banking fraude, the ‘bandits’ behind these Emails will try to lure the user into supplying them with the access codes to the user’s banking environment. They have set up a look-a-like banking environment which tricks the user into believing he is dealing with the real bank. The user types in his credentials and the bad guys use the entered information to log into the real banking environment to start their ‘work’.

However, we can trick them……

We can increase our confidence level of securing we are dealing with the real banking environment by always first using a wrong password. The frauduleus website will accept the password as it has no way of knowing if the password is correct or not. Its only purpose is to collect the user credentials. The real banking environment will reject the password. The user knows he has supplied a wrong password and only the real bank will be able to provide him the feedback that is indeed a wrong password.

So by supplying a deliberate wrong password while logging in, the confidence level of the user, that he is indeed dealing with the real bank, is increased. This procedure is a one-party agreement (an agreement with yourself) from which the involved party (the bank) does not need to know it is being performed.

From a banking perspective, banks could check login attempts and pay extra attention to users who don’t use this procedure. These users are at risk because they don’t regularly supply a wrong password to their bank…..

Banks could even instruct their users to always enter a first-time wrong password. However, it might turn out be difficult to explain this procedure to the average user. And as soon this ‘trick’ is mass adopted, the value significantly decreases as malicious websites will also incorporate these steps.

For now, it is my ‘secret’ way of being extra conscious to whoever is trying to gain access to one of my personal online environments.

Tags