Blog

Sound May Replace OTP as Second Factor of Authentication

Post by:
Prove
September 15, 2021
Sound May Replace OTP as Second Factor of Authentication

Two-factor authentication (2FA), though not cool, is essential. 2FA protects online accounts from data theft even if the user ID and password are compromised. At present, the second factor of authentication is, by and large, an OTP (one-time-password) which the customer gets on his mobile phone either in the form of an email, SMS, or a phone call. Furthermore, these passwords are time-bound and, in most cases, are valid for 30 seconds or lower. As a result, most online users still prefer password-only authentication (single-factor authentication) primarily because using 2FA is annoying and requires communication between the user/customer and his phone.

Wouldn’t it be great to have the two-factor authentication in place, but all of it automated with no/little human intervention? That is precisely what a group of researchers from the Swiss Federal Institute of Technology in Zurich, Switzerland, has been working to solve. They have come up with a concept known as Sound-Proof.

Using Sound-Proof, a user does not require interacting with his phone. In the mechanism, the proximity of the user’s phone is used as the second factor of authentication. The verification happens by comparing the ambient noise recorded by microphones. The user experience, in this case, is similar to the password-only form of authentication. Researchers currently have built a prototype for both Android and iOS. They have also observed that noise is a robust mechanism to determine the proximity of two devices both indoors and outdoors.

How does Sound-Proof work?

Step 1 (once per website): Set up the phone to enable Sound-Proof and follow the instructions on a Sound-Proof-enabled website to set it up with the smartphone.

Step 2: Log in with your username and password. The user can keep his phone in his pocket, in the purse, or on the table. Of course, it works in many other places as long as it is close to the user.

Step 3: The phone and PC will automatically record ambient sound for a very short time (~3 seconds). The recordings are compared by phone. If the recordings match, then the user is logged in.

The Sound-Proof system will upload and verify the digital signatures of the sound instead of the actual recording. Hence, privacy is not compromised. However, this solution seems to have one downside: it may not work so well with customers using desktops (desktops do not have an in-built microphone). At present, Sound-Proof remains a research project. However, the team is hopeful that it will be able to turn the innovation into a tech startup at some point in the future.

To learn about Prove’s identity solutions and how to accelerate revenue while mitigating fraud, schedule a demo today.


Create secure frictionless customer experiences using modern identity solutions

Join over 1,000 businesses that rely on Prove across multiple industries, including banking, FinTech, healthcare, insurance, and e-commerce. Contact us today.

Accelerate your onboarding

Contact us to learn how leading companies are using Prove Pre-Fill to modernize the account creation process by shaving off clicks and keystrokes that kill conversion.

Create frictionless customer experiences

Get in touch to find out how we can help you identify your customers at every stage of their journey and offer them seamless and secure experiences.

Schedule a demo

Let our expert team guide you through our identity verification and authentication solutions. Select a date and time that works for you.

Schedule a demo

Find out how we can help you deliver seamless and secure customer experiences that comply with PSD2/SCA. Select a date and time that works for you.

Interested in more information about Prove Pre-Fill?

Download Aite-Novarica Group’s full report about Prove Pre-Fill, including a product overview, customer results, and how the product works.