Two Factor Authentication

Swiss researchers use background noise as an additional safety feature to log in to the PC.

Simple passwords, because all security experts agree, are not sufficient to protect a PC in the long term – because like a password so long and complicated to be. It is an external attacker in the hands, through interception of data or a phishing attack which has free ride.

For critical applications such as online money transfers or E-Mail services, is therefore increasingly standard-the so called two-factor authentication (2FA) and is highly recommended.

That is to say: in addition to the password, there are also still another safety feature on an additional device, such a transaction number is sent by SMS to the mobile phone of the user or a push message to an app. Very convenient that so far not each user also used the 2FA-Absicherung even if it is officially offered in practice however, is not.

A team of researchers of the Swiss Federal Institute of technology (ETH) in Zurich consisting of simplified therefore now radically the two-factor authentication from Nikolaos Karapanos, Claudio Marforio, Claudio Soriente and Srdjan Capkun, to enforce it easier for Internet users. “Most users prefer currently pure password-based systems,” they write. This is done using existing technology in PC and mobile of user: which used microphones in virtually any device.

Both PC as well cell phone with a special login app, where the user has registered, the ambient noise record during login automatically and match them against each other. Both units receive the same sounds, they therefore must be in a common place-and one who enters a password via the computer, also has access to the registered mobile phone. Could a hacker captured just a password, that is not the case. The second factor would not properly authenticate.

Apparent in user testing with Google’s two-factor process that subjects felt the technology as simple as the standard method – and a majority decided to insert sound-proof, if the 2FA-Verwendung is always optional.

“Sound-proof improves the usability and feasibility of 2FA-Verfahren and can lead to a widespread assumption,” the scientists hope.

The system should work according to Karapanos & co. even then still sufficiently reliable if it is mobile in the backpack or the owner’s pocket, so only suppresses the sound recording is possible. For this, the login app must however run in the background or be woken up. “As long as both drives are present in the vicinity, the process works,” the researchers write. Sound-proof works with current Web browsers like chrome, Firefox or Opera and will can be implemented technically quickly. Companies can implement it server-side.