The network technology is widely used in human daily life, and people relies much on the network for more daily activities such as shopping, office working, and entertaining online. For the enhanced using of network application, websites which provide all kinds of convenient services come up, and the number of the websites is increasing as well. Meanwhile, the websites require higher security, in particular, the website relates to online bank or government office work which requires absolute safety of legal users when they are logging on the Internet. With the development of hacker, traditional authentication way by using the username plus the statistic code cannot meet the need of present security.
In recent years, a dynamic password authentication method is raised up in the authentication field. Dynamic password is added on the basis of the static password authentication, which provides additional protection for a user password and enhances the security. In prior art, the authentication for the dynamic password authentication is performed in the following way:
The service provider distributes a dynamic password token to a user. With the same size as a USB drive, the token is an electric device with processor and can run itself independently when the token is loaded with cells or is powered. Generally, a seed, which is called as static factor, corresponding to the dynamic password token, is stored inside the dynamic password token. The seed is a long character string or data;
The dynamic password token can generate a dynamic password according to the dynamic algorithm built in the token by using the seed and a dynamic factor;
The user uses the dynamic password generated by the dynamic password token to log in at service side. Because the dynamic factor associates with time or event factor usually, the dynamic passwords generated are different from time to time, which provides higher security.
Phishing website is a fraudulent website, which imitates the interface of a real website and has subtle difference with the real website in URL. A general user may confuse the phishing website with the real website, that is, the phishing website masquerades as a real website. If a user logs on a phishing website, the phishing website will record the logon information input by the user. The illegal user posed as a legal user will log on the real website with this information, which will bring a big loss to the legal user.
Though the dynamic password in the prior art has high security and is difficult to be decoded, the dynamic password cannot prevent from being attacked by some malicious website (for example, phishing website).
At present, no effective solution is raised for solving the low security of the dynamic password authentication in the prior art.