Ambient Noise for use in Multi-Factor Authentication
James Patterson | Last Updated:
Online Privacy & Internet Security Expert
A start-up group in Switzerland may have just come up with the newest “factor” in multi-factor authentication: ambient noise. Soon, the days may be gone where we authenticate by pressing a button on a mobile app or inserting a security token – we may just let our PC kick the microphone on for a few seconds, listen to the noise around us, and then let us in.
The core concept behind multi-factor authentication (MFA) is that a user needs more than a password to log in to a website, application, or device. Traditionally, MFA has employed phone apps or a USB key to act as a second factor so that, even if someone obtained your password, they still wouldn’t be able to log in without having your phone or security key. These solutions can sometimes be clumsy or inconvenient if the user has to dig around for their phone or token.
Now the “Futurae” team, part of Swiss group ETH, wants to put the noise around you to work in the same way. Having recently won 130,000 francs ($135,500 USD, $173,000 AUD) in funding, they are looking to simplify the two-factor authentication process by making login approval as easy as possible.
Their tool, Sound-Proof, works by installing apps on both on your PC and mobile device and analyzing ambient sounds from both sources. It captures a few seconds of audio from each device, compares them, and if they’re the same, lets you in. This concept is based on having both your PC and phone in the same physical location. An attacker trying to access your account will undoubtedly have different ambient noise than wherever your phone is, and Sound-Proof will realize this and block the login attempt.
What if it’s too quiet when you’re trying to log in? They took that into consideration too. In cases of total silence, the requesting device (PC) can fire off a series of inaudible ultrasound “chirps,” which can’t be detected by humans but would be picked up by the mobile device.
Claiming that the technology costs businesses an average of 60% less than traditional MFA tools, Futurae presents Sound-Proof as an effective solution for finance, insurance, e-health, and e-commerce providers. The technology is already being tested in pilot programs with Swiss banks and financial institutions.
While this technology is still in development and not available for public use just yet, it does represent a step forward in personal security and an emphasis on moving away from password-only authentication.