Computing system administrators, among others, desire to distinguish allowed users from disallowed users. The process of distinguishing an allowed user from a disallowed user may be called user authentication. A disallowed user may fail to be authenticated and, at that point, may be denied access to the computing or other system.
In addition to computing system administrators authenticating users, users themselves may also desire to authenticate the computing or other system with which they are interacting. The process of providing some level of assurance that both: (i) the user was authenticated to the system and (ii) the system was authenticated to the user may be called mutual assurance.
Mutual assurance may provide some protection against the improper use of computer systems. For example, mutual assurance may provide some protection against phishing attacks. In a phishing attack, a user may be presented with a false login screen that appears to be a login screen for an authentic computing system. The user may then enter their login information without realizing that they are providing the information to those behind the phishing attack. Having received the user's login information, those behind the phishing attack may then obtain access to the computing system.
Some institutions may attempt to provide mutual assurance by displaying an image specified by the user. However, such mutual assurance systems may have various disadvantages. For example, an attacker may be able to acquire the image for use in a phishing attack and may use the image to trick the user into thinking that the phishing site is a legitimate site. Accordingly, the instant disclosure addresses a need for systems and methods that provide mutual assurance in a more effective and efficient manner.