This is where a hacker installs software on a user’s PC to record keystrokes, or views the data transmitted between the user’s browser and the online server by monitoring the traffic. In both cases the hacker can look through the recorded text to find a regularly repeated string of characters. This could be a username and the current password. Sirius uses the concept of a Memorable Word. The user is asked for two or three characters from the Memorable Word, so the whole word is never typed in. This makes determining the Memorable Word much more difficult.
Another way Sirius defends against Man in the Middle attacks is through the use of One Time Passwords. Every time Sirius exchanges data between the user’s browser and the online server, it sends out a unique One Time Password, or OTP. It looks like this:
72ABC0BD-253B-4F38-BAB9-7745D4E65E12
When the browser sends back the next request, it sends the OTP with it. Sirius then checks that the OTP is the same. If not, the user is logged out immediately. This makes it very, very hard to hijack a user’s session.
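A sketch of the per-request OTP check described above, added here as an example and not taken from Sirius itself. The `SessionStore` class, its method names and the session id are assumptions, and the token is generated as a random UUID only because that matches the format of the sample shown.

```python
import hmac
import uuid


class SessionStore:
    """Tracks the one token each session may present on its next request (hypothetical helper)."""

    def __init__(self):
        self._expected = {}  # session_id -> token issued with the last response

    def login(self, session_id):
        """Start a session and return the first token to send to the browser."""
        return self._issue(session_id)

    def _issue(self, session_id):
        # uuid4() is drawn from the OS random source; upper-cased to look like the sample.
        token = str(uuid.uuid4()).upper()
        self._expected[session_id] = token
        return token

    def handle_request(self, session_id, presented):
        """Return the next token if `presented` matches, else None after ending the session."""
        expected = self._expected.get(session_id)
        if expected is None:
            return None  # no live session for this id
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(expected.encode(), presented.encode()):
            del self._expected[session_id]  # mismatch: log the user out immediately
            return None
        return self._issue(session_id)  # token is spent, so rotate it


def demo():
    """Constructed scenario: one valid exchange, then a captured token is replayed."""
    store = SessionStore()
    t1 = store.login("sess-1")
    t2 = store.handle_request("sess-1", t1)      # legitimate request, gets a new token
    replay = store.handle_request("sess-1", t1)  # spent token reused: session is killed
    after = store.handle_request("sess-1", t2)   # even the valid token is now rejected
    return t2 is not None, replay, after
```

Because a mismatch ends the session, a replayed token also logs out the legitimate user, which is the behaviour the text describes.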