The Sounds of Your World Could Kill Annoying Two-Step Authentication Codes

By Bryan Lufkin on at

Whether your employer requires it or you’re just a paranoid stonewall of personal security, two-step authentication simply does a better job at protecting your online life. But it adds a bit of hassle, too. Now, researchers are testing how to use ambient noises in your environment to confirm your identity, instead of codes texted to your phone.

Yup: Someday your computer and phone may each “listen” for the same sounds filling the room you’re in, be it your office, parents’ basement, a crowded Starbucks, or an underground muay thai match. And it requires no action from you—not even touching your phone. Rather, it compares the ambient noise surrounding your mobile device and your computer, matching their signatures rather than you punching in a text-message code.

The idea is the focus of a research project from Zurich’s Swiss Federal Institute of Technology. Researchers there call it “Sound-Proof,” and their app is currently being prototyped for Android and iOS devices. It can tell that your two devices are nearby by comparing the ambient noise that their mics capture. The team says that it works with major browsers without plugins, and can work even when the phone is in a pocket or purse, indoors or outdoors. (To safeguard your privacy, the devices listen for the “digital signatures” of the sounds, not the sounds themselves.)

You can probably see (hear?) the pitfalls coming from a mile away: What if the hacker is sitting in the same room as you? Or watching the same TV show, as Wired points out? Another pitfall: Engadget mentions that wifi or a data connection would be required.

Still, as more people start using two-step authentication, it seems likely that hackers will get more creative with ways to bypass it. That’s why new approaches, like this sound-based one, could be so important in the future. The team will present their findings at the USENIX security conference this month, when we’re likely to hear more about the details of their system.

And we’ve said it before, but we’ll say it again: If you don’t have two-step login enabled on everything already, do it now.

[ via Wired and Engadget]

Image credit: Shutterstock