The Noise Around You Could Strengthen Your Passwords

HardOCP News

Oh look, it's Shazam for passwords. ;)

When you try to login to a site that has Sound-Proof installed, the server will ping an app on your phone. Then both your phone and your web browser will record a few seconds of ambient sound. You don’t need to unlock your phone or even take it out of your pocket or purse, as the recording is triggered automatically by the server.
 
oh nice!! a new security feature that can remotely listen in on me, without me even knowing

NEAT !!!

:rolleyes:
 
oh nice!! a new security feature that can remotely listen in on me, without me even knowing

NEAT !!!

:rolleyes:


It's a clever fix, not necessarily a great fix, but a clever one that requires zero additional actions by the end user.
 
It's a clever fix, not necessarily a great fix, but a clever one that requires zero additional actions by the end user.

Except that you need to have a microphone on the computer you're using. Not every computer does.
 
Where do they get these dumb ideas anyway? You can't base your security on something you can't control like ambient noise. Background noise can change at any time and there's nothing you can do about it.
 
Where do they get these dumb ideas anyway? You can't base your security on something you can't control like ambient noise. Background noise can change at any time and there's nothing you can do about it.
That is the point. Phone and Computer record at the same time and then upload a digital signature of what they heard. It does not matter what changes a second later.

It's a really clever idea, I think, at least as an additional authentication factor.

And about being recorded, guess what, you already are unless you have no cell or landline or never speak to anyone. Google NOW and Siri and Cortana all record you and send data to servers, actual voice data.

I suppose you could make an argument that if someone hacks that app, maybe they can get to those sound signatures but it would still not be audible sound.

For additional authentication I love this idea.
 
Where do they get these dumb ideas anyway? You can't base your security on something you can't control like ambient noise. Background noise can change at any time and there's nothing you can do about it.

Totally didn't read it, did you?

It's know a something, have a something.

Know your password. Have the cell phone you registered to the service. By comparing the audio recorded AT THE SAME TIME from both the computer and the phone, they can verify the have a something is in the same location as the access is coming from.

How that works if you are browsing on your cell phone? No idea.
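
The comparison described in the posts above (phone and computer record at the same moment, then the two recordings are checked against each other), as an added example that is not part of any post and is not Sound-Proof's own algorithm. It assumes a plain normalized cross-correlation with a lag search, a hypothetical threshold of 0.5, and constructed noise standing in for real audio.

```python
import math
import random

def max_norm_xcorr(a, b, max_lag):
    """Peak normalized cross-correlation of a and b over lags in [-max_lag, max_lag]."""
    best = 0.0
    for lag in range(-max_lag, max_lag + 1):
        # Overlapping parts of the two recordings when one is shifted by `lag` samples.
        x = a[max(0, lag):len(a) + min(0, lag)]
        y = b[max(0, -lag):len(b) + min(0, -lag)]
        n = min(len(x), len(y))
        x, y = x[:n], y[:n]
        mx, my = sum(x) / n, sum(y) / n
        num = sum((p - mx) * (q - my) for p, q in zip(x, y))
        den = math.sqrt(sum((p - mx) ** 2 for p in x) * sum((q - my) ** 2 for q in y))
        if den > 0:
            # Dividing by both energies makes the score independent of volume,
            # so a quiet recording can still match a loud one.
            best = max(best, num / den)
    return best

def co_located(browser, phone, threshold=0.5, max_lag=40):
    """Accept the second factor only if both devices heard the same sound.
    threshold and max_lag are assumed values, not taken from the article."""
    return max_norm_xcorr(browser, phone, max_lag) >= threshold

def constructed_recordings(seed=7, n=2000, delay=25):
    """Constructed sample input: white noise in place of real ambient audio."""
    rng = random.Random(seed)
    ambient = [rng.gauss(0, 1) for _ in range(n + delay)]
    # Browser microphone: the room sound plus its own sensor noise.
    browser = [s + 0.3 * rng.gauss(0, 1) for s in ambient[delay:]]
    # Phone in a pocket: same room sound, 25 samples out of sync, much quieter.
    phone = [0.2 * s + 0.1 * rng.gauss(0, 1) for s in ambient[:n]]
    # Phone somewhere else entirely: unrelated sound.
    elsewhere = [rng.gauss(0, 1) for _ in range(n)]
    return browser, phone, elsewhere

if __name__ == "__main__":
    browser, phone, elsewhere = constructed_recordings()
    print("same room :", round(max_norm_xcorr(browser, phone, 40), 3))
    print("elsewhere :", round(max_norm_xcorr(browser, elsewhere, 40), 3))
    print("no lag search, same room:", round(max_norm_xcorr(browser, phone, 0), 3))
```

The lag search matters because the two devices never start recording on exactly the same sample; with `max_lag=0` the same-room pair scores near zero.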
 
Hmm, so how will it reconcile a mic recording of an open space with a butt-muffled phone recording?
 
Hmm, so how will it reconcile a mic recording of an open space with a butt-muffled phone recording?

I think I will patent a fart signature password recording device. One which would consider fragrance, frequency, and pitch of fart to recognize the user.
I think I'm onto something!!!!
 
Where do they get these dumb ideas anyway? You can't base your security on something you can't control like ambient noise. Background noise can change at any time and there's nothing you can do about it.

Ding Ding Ding !

This man deserves a cookie :D
 
After reading the article better I see that B00nie and I didn't have the application understood correctly.

But, this falls short pretty much in the same manner that biometrics can fall short. You would think that a fingerprint, an Iris Scan, or even this digital signature of ambient sounds from multiple vectors would all be pretty solid. They are too, right up until you consider that these are all transmitted as a digital representation and therefore they can be captured and used by an attacker.

I don't need your fingerprint, I just need a copy of the digital signature of your fingerprint.

I don't need your Iris, I just need the digital copy of your iris.

And I don't have to be in the room with you when I hack your password, I just need to send a pair of matching digital audio signatures by the expected transmission medium.

Is it better? Yes, it's better. Is it foolproof? Nope. And in comparison it's even less secure than a fingerprint as any digital signature can be used as long as it is transmitted as a matching pair over the expected medium.
 
Seems like the better use would be as a salt or form of entropy for password creation.
 