Will the PIN code soon be obsolete?

Joakim Larsen 30 May, 2012 at 7:18pm ET Article published in Tech

Norwegian computer security expert Trond Lemberg claims to have invented a new type of two-factor authentication that will leave four and six digit PIN codes—the ones you use when logging in to your bank and other services—obsolete. The new invention works like so: You log in like usual, using your password and user name. Now, instead of typing in the PIN usually recieved by text message or code generator, the system automatically dials your phone. When the user holds the phone over the computer speakers, the the server will tell the computer to stream a unique sound wave which will then be picked up by the phone. The phone will redirect this to the server of the service you are trying to enter, and the server will compare this to the signal emitted by the computer. If the signal is the same, you will be granted entry to the service. The whole process, if done correctly by the user, will take 2-3 seconds. This type of authentication will require nothing more from the user than holding the phone. The system has been tested under “noisy conditions”, and ambient noise doesn’t seem to have an effect on the authentication.

The whole service is planned to be encrypted using SHA-256.

If the user has to pay for this kind of service remains to be seen, as the phone service provider will probably charge for the traffic. The technology is still being tested, and is currently under review for a patent, but it will be interesting to see how this will develop into the future.

Comments

30 May 2012 ~ 7:26pm Tushon That is pretty awesome. I would think that "traffic" will just be classified as a normal phone call, so how that gets billed will be interesting, but still ... pretty awesome.
30 May 2012 ~ 7:31pm TheAlertHusky I am the like :3
30 May 2012 ~ 8:14pm Kwitko Good, then I won't have to listen to people say PIN number anymore.
31 May 2012 ~ 11:25am malia God I hope this happens. I never remember my PIN ATM machines are dead to me. Why are 4 digit numbers so hard??
31 May 2012 ~ 11:27am Thrax Speakers?
31 May 2012 ~ 11:33am Basil
Good, then I won't have to listen to people say PIN number anymore.
But why would people talking about the PIN number they use on the ATM machine annoy you?
31 May 2012 ~ 11:42am MiracleManS Not to mention as crazy as this sounds, I know people with no phone but internet access. Although this could be unique to the US.
31 May 2012 ~ 3:48pm BobbyDigi Using sounds through a phone to authenticate? Is it just me or was this already done a long time ago?....

Handshake anyone?
31 May 2012 ~ 4:12pm primesuspect Apparently you missed my feature image:
31 May 2012 ~ 4:55pm Snarkasm Wonder what their fallback options are when I lose my phone

or leave it at home

or it doesn't have a charge

or I don't have signal

It's not unsolvable, just wondering what they'll do. It's the fallback options that really determine how useful and secure a two-factor system is.
31 May 2012 ~ 5:13pm Tushon Triple security questions or something similar to current fallbacks for PIN issues.
31 May 2012 ~ 7:36pm midga ~~So, if someone steals my wallet and phone, they'll be able to get at my money easier than if they had to use something stored in my head? PINs are too short already.~~

Okay, that was my initial reaction, but then I realized you're talking about instantly-generated second-level authentication that use your phone anyway, not things like ATM PINs. This is pretty neat, but sometimes those come through email, presumably because not everyone can receive texts, or even has a cell phone. As an option, though, I'd love to see it happen.
31 May 2012 ~ 9:00pm BobbyDigi
Apparently you missed my feature image:
I am Mr Derp and you are correct.
2 Jun 2012 ~ 9:26am Tim So what if I left my phone at home or in the car? What if the cell network is temporarily down or I'm in a bad signal service aea? What if there's so much noise around me that the thing can't hear the code cleanly?

What if I didn't pay the cell phone bill and it is shut off? How can I get into my account to get money to pay the cell phone bill if the cell phone is shut off because I haven't paid the bill?

This is just more unnecessary technology. Stick with what works. PIN codes are fine.
2 Jun 2012 ~ 9:38am BlackHawk A smart guy like yourself would probably just avoid all of this technological wizardry and go physically to the bank.
2 Jun 2012 ~ 11:35am Tushon
Triple security questions or something similar to current fallbacks for PIN issues.
Herp derp there is always more than one way to access this