ClickCease

Sound May Replace OTP as Second Factor of Authentication

Prove
September 15, 2021

Two-factor authentication (2FA), though not cool, is essential. 2FA protects online accounts from data theft even if the user ID and password are compromised. At present, the second factor of authentication is, by and large, an OTP (one-time-password) which the customer gets on his mobile phone either in the form of an email, SMS, or a phone call. Furthermore, these passwords are time-bound and, in most cases, are valid for 30 seconds or lower. As a result, most online users still prefer password-only authentication (single-factor authentication) primarily because using 2FA is annoying and requires communication between the user/customer and his phone.

Wouldn’t it be great to have the two-factor authentication in place, but all of it automated with no/little human intervention? That is precisely what a group of researchers from the Swiss Federal Institute of Technology in Zurich, Switzerland, has been working to solve. They have come up with a concept known as Sound-Proof.

Using Sound-Proof, a user does not require interacting with his phone. In the mechanism, the proximity of the user’s phone is used as the second factor of authentication. The verification happens by comparing the ambient noise recorded by microphones. The user experience, in this case, is similar to the password-only form of authentication. Researchers currently have built a prototype for both Android and iOS. They have also observed that noise is a robust mechanism to determine the proximity of two devices both indoors and outdoors.

How does Sound-Proof work?

Step 1 (once per website): Set up the phone to enable Sound-Proof and follow the instructions on a Sound-Proof-enabled website to set it up with the smartphone.

Step 2: Log in with your username and password. The user can keep his phone in his pocket, in the purse, or on the table. Of course, it works in many other places as long as it is close to the user.

Step 3: The phone and PC will automatically record ambient sound for a very short time (~3 seconds). The recordings are compared by phone. If the recordings match, then the user is logged in.

The Sound-Proof system will upload and verify the digital signatures of the sound instead of the actual recording. Hence, privacy is not compromised. However, this solution seems to have one downside: it may not work so well with customers using desktops (desktops do not have an in-built microphone). At present, Sound-Proof remains a research project. However, the team is hopeful that it will be able to turn the innovation into a tech startup at some point in the future.

To learn about Prove’s identity solutions and how to accelerate revenue while mitigating fraud, schedule a demo today.


Keep reading

See all blogs
Developer Blogs
Why Identity Verification Matters for Developers

Identity verification is crucial for developers to prioritize in their applications to ensure a secure and trustworthy online environment for all parties involved.

Nicholas Dewald
November 22, 2024
Developer Blogs
Document Verification: An Outdated Identity Check in the Digital Age

In an age where our smartphones have become almost like extensions of ourselves, the identity assurance achieved through smartphone possession and data is a natural evolution.

Leandro Margulis
November 13, 2024
Gig Economy Fraud: Can Digital Identities Be the Solution?

Rodger Desai, CEO of Prove, a leading identity verification solution provider, offers a unique perspective on the rising fraud in the gig economy, advocating for robust digital identity verification as a key defense mechanism.

Brad Rosenfeld
November 6, 2024