Posted by:
admin
10 years, 6 months ago
I have recently seen a number of WiKID competitors announced in the two-factor authentication market that seek to reduce the need for user interaction.
The latest is a solution that turns on your microphone and records the ambient sound. This is just creepy:
The system works like this: when the user enters his username and password into a website that offers Sound-Proof 2FA, the website switches on the computer's microphone and starts recording. At the same time, it pings the Sound-Proof app which does the same.
There is a security benefit in active involvement by users in the authentication process. Knowledgeable, aware users are a good thing. Recording, monitoring, tracking, less so. Solutions such as these rely on a presumption of an acceptable rate of false positives and negatives. When an activity is outside of the acceptable rate, then there is a fall-back procedure to other, stronger forms of authentication. Which begs the question: why not just use the other form of strong authentication?