A method of multi-factor authentication includes receiving, by a remote hosting server from a terminal, a request from a user possessing a trusted device to access a remote service. The remote hosting server generates challenge chirp signal information and sends the challenge chirp signal information to the terminal and the device. Measurements are received of a room impulse response taken by each of the terminal and the trusted device using the chirp signal information. It is checked whether a location of the terminal is known based on a measurement of the room impulse response. The measurements of the room impulse response of the terminal and the trusted device are compared. A level of access to the remote service is granted to the user based on whether the location of the terminal is known and whether the trusted device is present at the location of the terminal.