The Swiss start-up Futurae introduces a procedure in which you can easily log on to online services with the sounds of your environment. Why? The background is that identity theft is a serious problem in our digital society. The passwords with which you identify with many online services are rarely certain. They can be steered firstly, as numerous data screw trains occupy , secondly, they would have to be so complex that one can only very difficult to memorize. For this reason, 2-factor authentication has existed for some time: For a bank transfer, for example, you receive a transaction number (TAN) via SMS on the mobile phone, which you then enter into the browser. This is safer, Because criminals usually do not reach your smartphone, but still uncomfortable wait for SMS, read on the mobile phone, enter. But hey, security costs comfort.
2-factor identification without user input
Futurae, founded by graduates from the Swiss Federal Institute of Technology (ETH) Zurich, has been working on more comfortable procedures for a long time. The solution is Soundproof : The PC, which you are currently registering, takes up the ambient sounds (bird chirps, music, conversations) and calculates a checksum. On your mobile, Futura's app is the same. If the checksums match, the smartphone app allows the login on the PC. This would make soundproof a 2-factor identification without user input. The phone can even stay in the case of the bag, according to Futurae.
Security or privacy nightmare?
Of course, this raises questions: Is not that a bad danger to privacy when listening to the PC and smartphone? "No," says Claudio Marforio from Futurae, "we can not spy on the users." Because the recorded sounds do not leave the device, it only compares typical characteristics of the sounds. But could not an attacker run in the same room or run the same radiosender trick out? According to Futurae: If you log in for the first time in a new browser or on a new device, the app requires a manual confirmation.
Comfort and safety? Not yet!
Futurae has been researching soundproof for several years to make it really safe. The Swiss security researchers have already presented the procedure to a critical public even two years ago at the Usenix Security Symposium.Since then, the main focus has been on fine-tuning the process and financing Futurae. What is really new is how the Swiss are writing about the start-up capital and the first pilot projects. It takes a while, however, until you can easily identify yourself with Soundproof.