Sound May Replace OTP as Second Factor of Authentication

Two-factor authentication (2FA), though not cool, is essential. 2FA protects online accounts from data theft even if the user ID and password are compromised. At present, the second factor of authentication is, by and large, an OTP (one-time-password) which the customer gets on his mobile phone either in the form of an email, SMS, or a phone call. Furthermore, these passwords are time-bound and, in most cases, are valid for 30 seconds or lower. As a result, most online users still prefer password-only authentication (single-factor authentication) primarily because using 2FA is annoying and requires communication between the user/customer and his phone.

‍

Wouldn’t it be great to have the two-factor authentication in place, but all of it automated with no/little human intervention? That is precisely what a group of researchers from the Swiss Federal Institute of Technology in Zurich, Switzerland, has been working to solve. They have come up with a concept known as Sound-Proof.

‍

Using Sound-Proof, a user does not require interacting with his phone. In the mechanism, the proximity of the user’s phone is used as the second factor of authentication. The verification happens by comparing the ambient noise recorded by microphones. The user experience, in this case, is similar to the password-only form of authentication. Researchers currently have built a prototype for both Android and iOS. They have also observed that noise is a robust mechanism to determine the proximity of two devices both indoors and outdoors.

‍

How does Sound-Proof work?

‍

Step 1 (once per website): Set up the phone to enable Sound-Proof and follow the instructions on a Sound-Proof-enabled website to set it up with the smartphone.

‍

Step 2: Log in with your username and password. The user can keep his phone in his pocket, in the purse, or on the table. Of course, it works in many other places as long as it is close to the user.

‍

Step 3: The phone and PC will automatically record ambient sound for a very short time (~3 seconds). The recordings are compared by phone. If the recordings match, then the user is logged in.

‍

The Sound-Proof system will upload and verify the digital signatures of the sound instead of the actual recording. Hence, privacy is not compromised. However, this solution seems to have one downside: it may not work so well with customers using desktops (desktops do not have an in-built microphone). At present, Sound-Proof remains a research project. However, the team is hopeful that it will be able to turn the innovation into a tech startup at some point in the future.

‍

To learn about Prove’s identity solutions and how to accelerate revenue while mitigating fraud, schedule a demo today.