In the previous discussion,
we saw how a user identifies himself to the system.
The following example illustrates why it may be also
important for the system to be able to identify itself
to the user.
A popular method for gathering passwords uses the following strategy.
A user executes leaves running on a terminal a program that simulates the
login behavior of the system:
it prompts the user for a login name and a password.
When a trusting user enters the two items,
the program writes this information in a file accessible by the owner of the program,
enters the error message "Invalid Login",
and executes next the standard system user authentication program.
The user,
thinking he had mistyped his password,
repeats his actions,
which lead to a successful login.
Thus he never realizes that his login name and password have been gathered
by another user.