Mutual authentication or two-way authentication (sometimes written as 2WAY authentication) refers to two parties authenticating each other suitably. In technology terms, it refers to a client or user authenticating themselves to a server and that server authenticating itself to the user in such a way that both parties are assured of the others' identity. When describing online authentication processes, mutual authentication is often referred to as website-to-user authentication, or site-to-user authentication.
Typically, this is done for a client process and a server process without user interaction.
Mutual SSL provides the same things as SSL, with the addition of authentication and non-repudiation of the client authentication, using digital signatures. However, due to issues with complexity, cost, logistics, and effectiveness, most web applications are designed so they do not require client-side certificates.
As the Financial Services Technology Consortium put it in its January 2005 report, "Better institution-to-customer authentication would prevent attackers from successfully impersonating financial institutions to steal customers' account credentials; and better customer-to-institution authentication would prevent attackers from successfully impersonating customers to financial institutions in order to perpetrate fraud."
Famous quotes containing the word mutual:
“Whoever takes a view of the life of man ... will find it so beset and hemm’d in with obligations of one kind or other, as to leave little room to suspect, that man can live to himself: and so closely has our creator link’d us together ... that we find this bond of mutual dependence ... is too strong to be broke.”
—Laurence Sterne (1713–1768)