Two-factor authentication, if enabled, can significantly improve the overall security of an online account. But it's no secret that managing a two-factor enabled account can get tedious. The good news is that we already have the technology to make this additional layer of security more convenient.
Nikolaos Karapanos, Claudio Marforio, Claudio Soriente, and Srdjan Capkun of Institute of Information Security at ETH Zurich demonstrated a tool called Sound-Proof which lets one authenticate login attempts via ambient sound.
"In Sound-Proof the second authentication factor is the proximity of the user's phone to the device being used to log in. The proximity of the two devices is verified by comparing the ambient noise recorded by their microphones." the researchers wrote, adding, "Audio recording and comparison are transparent to the user, so that the user experience is similar to the one of password-only authentication."
The idea is that if your device and the second-factor device are at the same place, both will be hearing the same ambient sound, which is good enough to verify the rightful owner of the account is trying to access it. Users will no longer need to generate pass codes or one time passwords on their second factor device to log in.
The researchers tout the capability of ambient noise to be highly sophisticated and capable of successfully determining the proximity of two devices regardless of where they are kept. The ambient sounds uploaded are also in the form of digital signatures to ensure privacy.
So, how soon before we see this technology in our devices? The team further notes that current phones and popular Web browsers can already support this Sound-Proof app without any plug-in. An app for it will soon hit Android and iOS.
It is likely however we won't see this new technology on our devices as soon as the researchers anticipate. That's because this technology will have to go through several tests before any major company implements it into their own products. The technology also seems to have limitations, such as if a hacker who already knows your password is in close proximity, and has access to the same range of sounds.