solution for phishing
Today, it is difficult for an Internet user to understandwhat information they are disclosing, and to whom
they are disclosing that information. Many anti-phishing solutions try to improve this situation by
making stolen passwords less useful, or by helping users identify legitimate sites. One method for addressing phishing is by adding multi-factor authentication. Most web sites require only single-factor authentication to log in: an end user types in their user name and password to authenticate. Multi-factor authentication requires an additional
factor: a one-time password (OTP) value, a digital certificate (usually through a smart card or USB token), or a biometric identifier. The idea of two factor authentication is to require “something you know†with “something you have.†If an attacker captures a username and password, that will not be sufficient to log in because the attacker doesn’t have the right OTP value or digital certificate. If an attacker steals a user’s OTP value or digital certificate, they will not be able to log in because they don’t know the user’s password.
Source Verisgn