How to implement an anti-phishing mechanism for a web application


We have an internal portal which we will use for configuration. How to implement an anti-phishing mechanism?

1. Which mechanism to use
2. How to use

Thanks in advance

Igarr On BEST ANSWER

Phishing protection is not only at your application level but also comes from making your users aware of what phishing is. Even top-notch banks are vulnerable to phishing attacks.

I would suggest you:

A mechanism I've seen in a few banks is:

  • Make the user insert his username
  • Show an image known only by him that the user chose previously at registration.
  • Make the user accept that he/she chose that image previously
  • Make the user insert his password

This way, if a user is a victim of a phishing attack, the attacker must know not just his username but also the image that the user chose.

Also, in case the user doesn't exist, you should set up a fake image so you prevent a user enumeration attack.
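
One way to implement the fake-image step from the answer above, as an added example that is not part of the original answer: the decoy is derived from the username with a keyed hash, so an unregistered name always gets the same image and looks like a registered one across repeated requests. The catalogue, user table, key and function names are all constructed for illustration.

```python
import hmac
import hashlib

# Constructed sample data: image catalogue and registered users (assumptions).
IMAGE_CATALOGUE = ["anchor.png", "bicycle.png", "cactus.png", "kite.png",
                   "lantern.png", "teapot.png", "violin.png", "walrus.png"]
REGISTERED_USERS = {"alice": "kite.png", "bob": "teapot.png"}

# Server-side secret used only for decoy selection; in a real deployment
# load it from a secret store, never from source code.
DECOY_KEY = b"constructed-demo-key-change-me"


def normalise(username: str) -> str:
    """Treat 'Alice ' and 'alice' as the same login name."""
    return username.strip().lower()


def decoy_image(username: str) -> str:
    """Pick a stable fake image for an unregistered username.

    HMAC keyed with a server secret makes the choice deterministic per
    username (the same name always yields the same image) but not
    predictable by someone who only knows the catalogue.
    """
    digest = hmac.new(DECOY_KEY, normalise(username).encode("utf-8"),
                      hashlib.sha256).digest()
    index = int.from_bytes(digest[:8], "big") % len(IMAGE_CATALOGUE)
    return IMAGE_CATALOGUE[index]


def image_for_login(username: str) -> str:
    """Step 2 of the flow: the image shown after the username is entered."""
    chosen = REGISTERED_USERS.get(normalise(username))
    return chosen if chosen is not None else decoy_image(username)


if __name__ == "__main__":
    # Registered and unregistered names both receive one stable image.
    for name in ("alice", "Bob ", "mallory", "mallory"):
        print(f"{name!r:12} -> {image_for_login(name)}")
```

The response for a registered and an unregistered name should also be indistinguishable in status code and wording, otherwise the decoy image does not hide which names exist.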