Hi List:
There is an iOS app that requests users to enter our institution's credentials, and subsequently proxy authenticates, via a home server, to a CAS integrated application (and scrapes for class schedule).
The iOS caches the credentials on the iOS app and/or home server (a la phishing if captured).
Aside from user education, are there potential steps to mitigate this occurring? Implementing 2F or CAPTCHA-type may not be customer support practical/accessibility, on a broad scale, and to all applications.
Blocking the home server via IP, or if unique header, would be whack-a-mole -- with the ease to spin new servers/tunnel and/or change headers.
Thanks.