TechCrunch reports Google has acquired the startup company SlickLogin, which appears to live up to its name with a whole bunch of clever ways of allowing you to login to a website without using a password. The key ingredient is sound.
To verify a user’s identity and log them in, a website would play a uniquely generated, nearly-silent sound through your computer’s speakers. An app running on your phone would pick up the sound, analyze it, and send the signal back to the site’s server confirming that you are who you say you are — or, at least, someone who has that person’s phone …
But SlickLogin couples this to a range of other markers, such as GPS position, wifi, Bluetooth, NFC and QR codes. For example, a check can be made that both computer and phone are in the same place and connected to the same wifi network.
The approach could be used either as a replacement for a password, or as a form of two-factor authentication. Three of the founders of the company are graduates of the Israeli Defence Force, so it’s no surprise that the security of the system was given a great deal of thought.
Everything is very heavily encrypted, so man in the middle attacks are out. You can’t record the audio signal and just play it back later, as the audio is uniquely tied to that moment. You can’t just hold your phone up to someone else’s audio signal (or grab it from across the room with a directional mic) in hopes of getting logged in to their account before they do; your phone wouldn’t have their login credentials stored on it, and that crucial bit isn’t wrapped into the sound.
Both SlickLogin and Google have confirmed the acquisition.
Today we`re announcing that the SlickLogin team is joining Google, a company that shares our core beliefs that logging in should be easy instead of frustrating, and authentication should be effective without getting in the way. Google was the first company to offer 2-step verification to everyone, for free – and they’re working on some great ideas that will make the internet safer for everyone. We couldn’t be more excited to join their efforts.
Google acquires a lot of technology, not all of which makes it to market, but as someone who uses two-factor authentication wherever offered, I’d certainly welcome this as a better approach than typing in digits from an authentication app.