Norwegian computer security expert Trond Lemberg claims to have invented a new type of two-factor authentication that will leave four and six digit PIN codes—the ones you use when logging in to your bank and other services—obsolete. The new invention works like so: You log in like usual, using your password and user name. Now, instead of typing in the PIN usually recieved by text message or code generator, the system automatically dials your phone. When the user holds the phone over the computer speakers, the the server will tell the computer to stream a unique sound wave which will then be picked up by the phone. The phone will redirect this to the server of the service you are trying to enter, and the server will compare this to the signal emitted by the computer. If the signal is the same, you will be granted entry to the service. The whole process, if done correctly by the user, will take 2-3 seconds. This type of authentication will require nothing more from the user than holding the phone. The system has been tested under “noisy conditions”, and ambient noise doesn’t seem to have an effect on the authentication.
The whole service is planned to be encrypted using SHA-256.
If the user has to pay for this kind of service remains to be seen, as the phone service provider will probably charge for the traffic. The technology is still being tested, and is currently under review for a patent, but it will be interesting to see how this will develop into the future.