RSA, The Security Division of EMC, announces the removal of Site to User feature in the next Major release of the RSA Adaptive Authentication product.

RSA, The Security Division of EMC, announces the removal of the Site-to-User feature from the next major release of RSA Adaptive Authentication (On-Premise and Hosted), targeted for the first half of 2014. After this release, the Site-to-User functionality will no longer be available with either On-Premise or Hosted versions of the RSA Adaptive Authentication product.  No other functionality will be affected by the removal of this feature.

As the fraud landscape continues to change, RSA constantly innovates to provide better features and functions to protect online customers. New security measures within the RSA Adaptive Authentication product, such as advanced Trojan detection, behavioral analytics, session anomaly detection, and strong step-up authentication methods together provide a stronger layered, end-to-end solution geared to protect online accounts.

Site-authentication images are designed to prevent users from disclosing their login credentials to a phishing site, but the effectiveness of this feature is declining and in many cases provides a false sense of security. With advanced MITM and MITB attacks, fraudsters have effective ways to obtain all login credential information, including site-authentication images.

The Site-to-User feature will be removed from the documentation of Adaptive Authentication Hosted version 11.0 (a documentation update will be notified separately) and from the documentation of Adaptive Authentication On-Premise version 7.1.

The feature will be removed from the product in the next major release, targeted for the first half of 2014. 

If you have any questions, please contact RSA Customer Support by email (support@rsa.com) or by phone: