For instance: if you sign into the app on your laptop browser, the app fires up on its own, and both your computer and phone will start listening for sounds. Once the system determines that both devices are hearing the same background music, AC hum or the rhythmic snoring of your dog, then you get logged in. According to the researchers, the tool only uploads the "digital signature" of the sounds around you and not the sounds themselves in order to protect your privacy. Plus, it doesn't need extensions or any other additional downloads for computers, so it works even if, say, you're using a roommate's laptop.
While it's definitely a lot easier to deal with than traditional two-factor, it's also clearly imperfect. Determined hackers who already have your password can follow you around until you're in the same place to access your account. Since the app starts listening in on its own, you might not even know that someone's trying to hack you until it's too late. Some elements might prevent sounds from matching up, as well, and don't forget that you need a data connection in the absence of WiFi. We hope the team finds a way to make Sound-Proof more secure before releasing the tool as an actual product. As it is, it's just a research project, which the team will present at the Usenix security conference this August.