Google acquires SlickLogin, a sound-based authentication startup
Google has acquired SlickLogin, a security startup centered around a novel authentication method. SlickLogin uses sound to recognize a user's identity. A website plays a randomly-generated sound through a computer's speakers. This high-frequency sound is inaudible for humans. A smartphone held close to the computer runs an app that picks up the sound, analyzes it, and matches it with the user's login credentials stored on it. The result gets sent back to SlickLogin's server, and the user is granted access to the website. It's interesting to see how where else this method can be implemented. Mobile apps are one possible frontier, as developers claim that SlickLogin support can be added with just five lines of extra code.
Interestingly, One of SlickLogin's founders happens to be a graduate of the Isreali Defense Force unit, and his partners have plenty of security-related experience. When asked about possible loopholes, they stated that "man in the middle" attacks are out of the question, as the data sent between devices is encrypted. Recording it for later usage is useless, as the audio is generated randomly at each login. Furthermore, the assailant's phone must have your login credentials stored on it to gain access to your account.
SlickLogin's founders expressed their excitement to join Google's efforts. They noted that the tech giant "was the first company to offer 2-step verification to everyone – for free”. According to them, Google is ”working on some great ideas that will make the internet safer for everyone.” Before its acquisition, SlickLogin worked on a proof of concept with a "major international bank". In this method, the phone required an internet connection, but the startup has a patent for offline usage pending.