CybersecurityA new two-factor password method provides better protection
A team of BGU cybersecurity researchers pioneered a new form of two-factor authentication that provides every user with stronger protection and is accessible to people with disabilities. This new method of authentication, in which ultrasonic vibrations are used in lieu of memorizing six-digit codes, works on today’s phones, laptops and tablets. It allows those with disabilities to log in with dignity and privacy.
A team of BGU cybersecurity researchers pioneered a new form of two-factor authentication that provides every user with stronger protection and is accessible to people with disabilities.
In an interview with TechRepublic, Dr. Yossi Oren, a senior lecturer in BGU’s Department of Software and Information Systems Engineering and head of the Implementation Security and Side-Channel Attacks Lab at Cyber@BGU, describes how ultrasonic vibrations are used in lieu of memorizing six-digit codes.
This new method of authentication works on today’s phones, laptops and tablets. It allows those with disabilities to log in with dignity and privacy.
Dr. Yossi Oren says, “People already know that passwords are not a good way to protect your accounts [because] when somebody steals your password you’re gone for. So people are starting to use what’s called two-factor authentication.
“You type in your password and then you have to type in an extra code, which used to be sent over text message, but there’s now something very terrible called SIM jacking, which means you have to find another way to get these digits to you.
“So you go to a website and you have to recall your password, and then you have this device which has six digits on it. You have to look at these digits, memorize them, and then put them into your phone or to your computer to log in.
“And the problem is that this process of looking at these digits, memorizing them, and typing them in, which sounds so very simple, is not so simple if you are a disabled user. Some people don’t have the vision required to see these digits. Some people don’t have the ability to memorize six digits for the 30 seconds it takes to copy them from one device to the other. And some people don’t have the fine motor skills required to log in, to punch in these digits. How do we let these people use two-factor authentication with dignity and with privacy?
“What we did is we found a way to send this two-factor authentication code using ultrasonic vibrations. What you do to log in is you take a device, which we are prototyping right now, to your phone and just touch them together. Three seconds, that’s all it takes for this token to pass from this device to your phone.
“You don’t have to buy new hardware; you don’t have to install new software; you don’t have to get new permissions for your website or whatever. So any website, any app which uses two-factor authentication can use this to allow disabled users to log in with dignity and privacy.”
— Read more in Jason Hiner, “Two-factor authentication gets simplified with a new sonic vibration token,” TechRepublic (7 March 2018)