QuickAuth: Two-Factor Quick Authentication Based on Ambient Sound

Authentication is the first step to access a resource (service, website, data, etc.), so it is of vital importance in a system. The most widely used authentication mechanisms are one-factor authentication based on password and two-factor authentication methods which require a password and another factor (verification code, biometric feature, hardware token, software plug-in, etc.). However, in many public areas, passwords may be exposed to other monitoring equipments or even other people; while authentication for the second factor always requires human-machine interaction. As a result, password might suffer misuse by others; the latter may need extra procedures and incur long delay, decreasing usability and deployability of the system. In this paper, we propose QuickAuth, which aims to develop a simple, yet quick authentication method that does not rely on password such that the entire authentication procedure can be implemented automatically with minimal user involvement. In QuickAuth, one authentication factor is the user's cellphone, and the other is the proximity of the cellphone to the computer which the user wants to login to. The proximity of the two devices is obtained by comparing ambient sound recorded by microphones. Through the real-world implementation and evaluation, we show that QuickAuth works well in terms of usability, deployability, and security in the environment of public areas.