Clever Two-Factor Authentication Using Illiri Sound and Device Pairing
October 30, 2013
Featured Article by Vadim Sokolovsky, a founder and CTO of Illiri
Admit it — your users hate two-factor authentication. It is the cherry on top of bubbling frustration with logging in or losing access to their account.
A bank customer has already put in their password, forgotten the security question, and selected an arbitrary picture of cats to help secure their identity. They don’t remember their password (8 letters, 1 capital, 1 number, 1 symbol), they don’t remember their PIN, and they certainly do not remember their account number. But before they take any special actions, like sending $10 to split the cost of last night’s dinner with a friend, the bank asks for more: “We’ll just SMS you this number that you need to retype from your phone” or “Don’t you have a YubiKey?”
An employee tries to log into her remote desktop from home because she is feeling under the weather that day. She fumbles for the RSA SecurID and launches the desktop application: “Please provide the number on your token.” She begins to copy the numbers one by one, but mistypes an 8 instead of a 3. “Incorrect. Please provide the number on your token.” Halfway through the second attempt, the number changes. She begins to type it in a third time, but is interrupted by a phone call.
What if there were a surprisingly easy way to side-step this mess? A New York company called Illiri is tackling this problem using an innovative approach. They have developed a technology that pairs devices of almost any type securely using a brief audible soundwave. One device plays the sound, which is unique, encrypted and secure, and the other device listens and hears it. With appropriate user permissions, the devices are authenticated and a session begins that allows them to connect.
This approach is private, quick and easy to implement. The company is developer-friendly, having built both direct consumer applications and an API for others to leverage its technology. The sound authentication works – on iPads, Samsung tablets, enterprise desktops, and personal mobiles. It can connect one to one, or one to many. And since this is a software solution rather than a hardware solution, it is easily compatible with the different versions of devices that users have, which inevitably cause implementation difficulties for others.
Though easy to use and provide, this patented technology is actually quite complex and has been several years in the making. It brings together expertise in multiple areas: sound processing and analytics, database architecture and design, a scalable server that matches millions of sessionIDs in real time, as well as application development across several mobile platforms. Air is a very noisy medium with many sounds on the same frequency – imagine a user chatting with a friend or in a loud office while activating the authentication process. Illiri has developed sophisticated algorithms for detecting and decoding the signal in any type of sound environment.
So back to our two use-cases. In the first, the user logs into the bank website. He is ready to send the $10 to his friend. A sound icon called “Submit Using App” is provided instead of a “Submit” button. The user takes out an Android phone and launches either the bank’s or Illiri’s application. He clicks on the sound icon and a sound is played over his desktop speakers. His phone lights up with the payment information and he taps “Submit” on his phone. The website on his computer refreshes and congratulates him on the payment sent.
The home-bound employee opens the remote-access software, which pops up a dialogue with a sound icon called “Connect Securely”. She clicks the button, the computer plays the sound and the phone she placed on the table lights up with an invite to connect into her work computer. After a quick tap on the “Accept Connection” button, the computer logs into remote desktop.
No numbers to copy. Nothing to get frustrated about.
Vadim Sokolovsky is a founder and CTO of Illiri, a pioneer in audio-based connection technology. He holds an MS in Math from St. Petersburg University, Russia, and an MBA from Sloan MIT. He has over 25 years of experience in the software and financial industries.