Two-factor system uses ambient sounds to verify your login

The content below is taken from the original (Two-factor system uses ambient sounds to verify your login), to continue reading please visit the site. Remember to respect the Author & Copyright.

Two-factor can keep your Gmail, iCloud and other accounts from getting hacked, but it’s unfortunately rather tedious to use. That’s why a team of researchers from the Swiss Federal Institute of Technology in Zurich, Switzerland has developed a tool called "Sound-Proof" to make the process less painful. Any app or program with Sound-Proof integrated can authenticate your logins by listening to ambient sounds. That’s it — you don’t need to pick up your phone, generate a passcode or wait for a text with one, so long as you’ve already installed the tool’s mobile app.

For instance: if you sign into the app on your laptop browser, the app fires up on its own, and both your computer and phone will start listening for sounds. Once the system determines that both devices are hearing the same background music, AC hum or the rhythmic snoring of your dog, then you get logged in. According to the researchers, the tool only uploads the "digital signature" of the sounds around you and not the sounds themselves in order to protect your privacy. Plus, it doesn’t need extensions or any other additional downloads for computers, so it works even if, say, you’re using a roommate’s laptop.

While it’s definitely a lot easier to deal with than traditional two-factor, it’s also clearly imperfect. Determined hackers who already have your password can follow you around until you’re in the same place to access your account. Since the app starts listening in on its own, you might not even know that someone’s trying to hack you until it’s too late. Some elements might prevent sounds from matching up, as well, and don’t forget that you need a data connection in the absence of WiFi. We hope the team finds a way to make Sound-Proof more secure before releasing the tool as an actual product. As it is, it’s just a research project, which the team will present at the Usenix security conference this August.

Filed under:


Via: Wired

Source: Arxiv

Tags: mobilepostcross, security, sound-proof, two-factor