Skip to content


Today I happen to be reading Naked Security near the washing machine which is spinning a load of towels. Yesterday it wasn’t running. The day before I was at my vacation cabin. Which one of those sound templates is the one I have to reproduce to log into Naked Security?

2FA by sound==> FAIL


To answer your question, the sound you have to reproduce is the one you hear now, your washing machine. You prove that you know your password in the normal way, and at the same time your phone automatically proves that it is near the computer that you are logging in to by detecting the same sound. If someone steals either your password or you phone, but not both, they wouldn’t be able to log in in the same way.


you misunderstand how the system works. Your phone and the PC you are logging into must both have microphones. When you login with your password both apps listen to the ambient sound where they both are in that same moment. So there is no saved profiles. My home pc does not have a mic so…no good there.

It is an interesting idea although they needed rely on ambient sound. Since the system relies on input from both your phone and the target system they could have the phone make a randomly generated unique sound. The sound could be in a range above what people can hear.

The article does do that little trick that advertisers do tho. They make the alternatives sound really difficult. There are plenty of 2FA solutions that don’t require a separate physical token. They are also phone based. one time passwords either via SMS or something like Google Authenticator. Those solutions work wonders for me, I just wish more sites supported that. Especially domain registrars and banks. You can 2FA your email and facebook account but doing the same for your bank or domain register is much harder at this time.


Something “automatic” like this makes life a little easier than other 2FA options, IMO. I get what you’re saying about alternatives, but this would just be another way that would require even more limited interaction than having to pick up the phone (or even pull it out of your pocket if the article is correct).

As far as the hacking in close proximity fear, I think you could mitigate that to some extent by just having the app provide a notification on the phone when the login is completed and the ability to log out immediately and/or request your approval (recognizing that this negates some of the convenience I mentioned above).


So say I’m logged into amazon on my phone and I want to login to amazon on my computer and family guy is on tv in the room that both my phone and computer are in, this application would log me into amazon on my computer once both devises verify that they both are hearing the same thing?


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!