Toward Usable and Accessible Two-Factor Authentication Based on the Piezo-Gyro Channel

Two-factor authentication (2FA) is crucial for protecting the security of users authenticating to online servers. Despite its importance, users hesitate to use 2FA, due to usability issues. In this report we present a prototype implementation of PiGy, a novel system which improves the usability of existing methods, without compromising on security and compatibility. In PiGy, a one time password is automatically passed from the external token to a smartphone by selectively applying an acoustic stimulus to the phone's microelectromechanical (MEMS) gyroscope, using a piezoelectric transducer. This scheme is much easier to use, requires no additional hardware support on modern phones, and is fully compliant with the time-based one time password (TOTP) standard. We implement a proof of concept of PiGy, and perform both a functional test and a user study to evaluate it. Through our evaluation we show that this authentication scheme is a viable alternative to existing methods, and that users agree with its usability advantages.