Skip to main content

Avoiding the creep factor in authentication

I have recently seen a number of WiKID competitors announced in the two-factor authentication market that seek to reduce the need for user interaction.

The latest is a solution that turns on your microphone and records the ambient sound.  This is just creepy:

The system works like this: when the user enters his username and password into a website that offers Sound-Proof 2FA, the website switches on the computer's microphone and starts recording. At the same time, it pings the Sound-Proof app which does the same.

eavesdropping barbieThere is a security benefit in active involvement by users in the authentication process.  Knowledgeable, aware users are a good thing.  Recording, monitoring, tracking, less so.  Solutions such as these rely on a presumption of an acceptable rate of false positives and negatives.  When an activity is outside of the acceptable rate, then there is a fall-back procedure to other, stronger forms of authentication.  Which begs the question: why not just use the other form of strong authentication?  

Current rating: 1

Recent Posts

Archive

2024
2022
2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom