Tuesday, August 18, 2015

Making 2-factor authentication easier

Two factor authentication can increase the authentication security of any system. It depends on something you know (like a userID/password) and something you have (like a SecurID token or a special one-time key sent to your phone.)

The problem with the token is that they wear out or otherwise fail - and you have to type in the key or copy and paste the key. One-time key's sent to your phone are pretty convenient, but you need to type in the key and this introduces delay in the sign-in process. What we'd like is a more transparent process.

A new system is being developed by researchers at by the Swiss Federal Institute of Technology in Zurich - it's called "Sound-Proof". It uses ambient sound as a second factor, comparing the background noise being received from your phone to the background noise received from your computer. If they match, it lets you in. It's based on the premise that your PC and your phone, if close enough together, will hear the same thing. This proximity implies that you are who you say you are. 

It's ingenious. They've done some prototypes and the results look promising.

Here's a link to the research paper describing Sound-Proof: http://arxiv.org/pdf/1503.03790v3.pdf

No comments:

Post a Comment