Swiss researchers want to make 2FA-Verfahren easier by the presence of be checked by PC and cell phone in a room.
A password may be so long and complicated-there is an external attacker in the hands, has the free ride. For critical applications such as online money transfers or E-Mail services, is therefore increasingly standard – the so called two-factor authentication (2FA) respectively is recommended.
That is known to be: in addition to the password, there are also still another safety feature on another device, such a transaction number is sent by SMS to the mobile phone of the user. Very convenient that so far not each user also used the 2FA-Absicherung even if it is officially offered in practice however, is not.
A team of researchers of the Swiss Federal Institute of technology (ETH) in Zurich will therefore now radically simplify the two-factor authentication, technology review reported in its Online Edition (“safe thanks to sound”). This is done using existing technology in PC and mobile of user: the installed microphones. Check Areacodesexplorer for innovative smartphones.
The procedure called the sound-proof, which is currently in the prototype stage, relies on two parts: A browser based software on your PC and a previously by the user to register login app on the phone, which should be available for iOS and Android. Both the login in the browser on the PC (the technology is so far not suitable to login on the mobile) automatically take the ambient noise on and same them off against each other. Both units receive the same sounds, they must be therefore in a common place. Could a hacker captured just a password, that is not the case, the second factor could not authenticate.
The system should operate according to the researchers even then still sufficiently reliable when the phone is in the backpack of owner’s, so only suppresses the sound recording is possible. To do this, the app must however running in the background. Sound-proof works with current Web browsers like chrome, Firefox or Opera and will can be implemented technically quickly. Companies can implement it server-side.