Google has bought a company offering a new form of two-factor authentication – using “silent” sounds played via PC and smartphone speakers to verify a user is who he or she claims to be. The company, SlickLogin, claims it’s faster and simpler than many forms of two-factor authentication system, using an automatic process to log users into sites after inaudible ‘dialogue’ between the phone app and the PC.
“We started SlickLogin because security measures had become overly complicated and annoying,” the start-up said in a statement today. “Our friends thought we were insane, but we knew we could do better. Today we`re announcing that the SlickLogin team is joining Google, a company that shares our core beliefs that logging in should be easy instead of frustrating, and authentication should be effective without getting in the way.”
SlickLogin uses sounds inaudible to the human ear so smartphones and PCs can “talk” – once you hold your smartphone near the PC, the machine plays a uniquely generated sound, and the SlickLogin app “hears” and deciphers it, sending a “green light” to the server that you are who you say you are.
The system uses GPS, Wi-Fi or NFC codes to verify that the phone is nearby – and will “wake” the phone itself, rather than users having to launch an app.
Venturebeat comments that the app has one clear advantage – simplicity, and says that this may appeal to users, “It could be simpler than typing in a password for many users,” the site writes
SlickLogin’s system is one of several new variations on ‘two-factor’ authentication to appear in the past few months, as breaches such as KickStarter’s recent leak hit the headlines, as reported by We Live Security here.
We Live Security offers an in-depth guide to what ‘2FA’ offers – and when you should use it, saying, “Two-factor systems are far more secure than passwords – many high-profile hacks, such as those against the Twitter accounts of media organizations last year, could not have happpened if a 2FA system had been in place.”
Google was one of the first web giants to offer two-factor authentication on its accounts, and has been increasingly vocal on the subject of replacing password-based authentication with more effective solutions. “Passwords are done at Google,” said Heather Adkins, Google’s information security chief, reported by We Live Security here - and said that “the game is over” for start-ups relying on passwords as the chief method to keep users secure. Adkins said that within Google, looking towards the future, “Our relationship with passwords is done.”
The app’s three makers are former members of the Israeli Defense Force’s cyber security unit, and claim their method beats many current two-factor systems due to, “The seamlessness for the user. We’re also more cost effective, because we don’t require any new hardware.”
“Up to 7 different methods are used to verify the phone’s proximity to the computer.These include GPS, WiFi, Bluetooth, NFC, QR codes, and our unique technology, based on audio signals,” the company says.
“Our technology can operate both natively or in the browser – therefore, we support all smart-devices out there. Adding SlickLogin technology to your existing mobile app takes only 5 lines of code. Have no app? Our default application can be redesigned to fit your brand.”
TechCrunch’s Greg Kumparak says he quizzed the three founders on security, and was told, “Everything is very heavily encrypted, so man in the middle attacks are out. You can’t record the audio signal and just play it back later, as the audio is uniquely tied to that moment.
“You can’t just hold your phone up to someone else’s audio signal (or grab it from across the room with a directional mic) in hopes of getting logged in to their account before they do; your phone wouldn’t have their login credentials stored on it.”
Author Rob Waugh, We Live Security