In addition to capturing regular passwords, man-in-the-middle attacks can be used to intercept one-time passcodes offered by traditional two-factor authentication systems.

FORBES: Google Reveals Details About Its Plan To Fix Password Security

These apps failed to implement standard scrambling systems, allowing "man-in-the-middle" attacks to reveal data that passes back and forth when devices communicate with websites.

BBC: Android apps 'leak' personal details

For users, Upadhyay said the plan offers effective protection from phishing a technique that online attackers use to get you to reveal your password and man-in-the-middle attacks in which online attackers set up a fake website in order to capture your credentials, or intercept them some other way.

FORBES: Google Reveals Details About Its Plan To Fix Password Security

But apps written to the protocol can be vulnerable to denial-of-service, session hijacking, and man-in-the middle attacks over the Internet, as well as an attacker actually able to "watch" the transactions, says David Goldsmith, CEO of Matasano Security, who will present the firm's new research on FIX at the upcoming Black Hat USA briefings later this month.

FORBES: Magazine Article