Mutual Authentication

Mutual authentication, or two-way authentication (sometimes written as 2WAY authentication), refers to two parties authenticating each other. In technology terms, it refers to a client or user authenticating themselves to a server and that server authenticating itself to the user in such a way that both parties are assured of the other's identity. When describing online authentication processes, mutual authentication is often referred to as website-to-user authentication, or site-to-user authentication.

Typically, this is done for a client process and a server process without user interaction.

Mutual SSL provides the same protections as SSL and adds authentication of the client, with non-repudiation of that authentication, using digital signatures. However, due to issues with complexity, cost, logistics, and effectiveness, most web applications are designed so that they do not require client-side certificates.
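The difference between one-way and mutual SSL/TLS, shown as an added example using Python's standard `ssl` module (not part of the original article). The function names, the certificate file parameters and the sample certificate dictionary are assumptions made for illustration.

```python
import ssl

def server_context(require_client_cert, cert=None, key=None, client_ca=None):
    """Server-side context. File paths are caller-supplied (hypothetical)."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    if cert:
        ctx.load_cert_chain(cert, key)  # server proves its identity to the client
    if require_client_cert:
        # Mutual: the handshake fails unless the client presents a
        # certificate that chains to a CA trusted for client identities.
        ctx.verify_mode = ssl.CERT_REQUIRED
        if client_ca:
            ctx.load_verify_locations(cafile=client_ca)
    else:
        # One-way: the client stays anonymous at the TLS layer.
        ctx.verify_mode = ssl.CERT_NONE
    return ctx

def client_context(cert=None, key=None, server_ca=None):
    """Client-side context: always verifies the server, optionally sends a cert."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=server_ca)
    if cert:
        ctx.load_cert_chain(cert, key)  # client certificate for mutual auth
    return ctx

def client_identity(peercert):
    """Extract the commonName from a dict shaped like SSLSocket.getpeercert().

    With CERT_OPTIONAL the peer may send no certificate, so an empty or
    missing dict must be rejected rather than treated as an identity.
    """
    if not peercert:
        raise PermissionError("no verified client certificate")
    for rdn in peercert.get("subject", ()):
        for name, value in rdn:
            if name == "commonName":
                return value
    raise PermissionError("certificate has no commonName")

# Constructed sample in the format returned by getpeercert() after a handshake.
SAMPLE_PEERCERT = {
    "subject": ((("organizationName", "Example Corp"),),
                (("commonName", "billing-client"),)),
}
```

On a live connection the server would pass `conn.getpeercert()` to `client_identity` after wrapping the accepted socket with the mutual context.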

As the Financial Services Technology Consortium put it in its January 2005 report, "Better institution-to-customer authentication would prevent attackers from successfully impersonating financial institutions to steal customers' account credentials; and better customer-to-institution authentication would prevent attackers from successfully impersonating customers to financial institutions in order to perpetrate fraud."
