Skip to main content

Avoiding the creep factor in authentication

I have recently seen a number of WiKID competitors announced in the two-factor authentication market that seek to reduce the need for user interaction.

The latest is a solution that turns on your microphone and records the ambient sound.  This is just creepy:

The system works like this: when the user enters his username and password into a website that offers Sound-Proof 2FA, the website switches on the computer's microphone and starts recording. At the same time, it pings the Sound-Proof app which does the same.

eavesdropping barbieThere is a security benefit in active involvement by users in the authentication process.  Knowledgeable, aware users are a good thing.  Recording, monitoring, tracking, less so.  Solutions such as these rely on a presumption of an acceptable rate of false positives and negatives.  When an activity is outside of the acceptable rate, then there is a fall-back procedure to other, stronger forms of authentication.  Which begs the question: why not just use the other form of strong authentication?  

Currently unrated

Recent Posts

Archive

2022
2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom