Google acquires SlickLogin, a sound-based authentication startup
Google has acquired SlickLogin, asecurity startup centered around a novel authentication method.SlickLogin uses sound to recognize auser's identity. A website plays a randomly-generated sound through acomputer's speakers. This high-frequency sound is inaudible forhumans. A smartphone held close to the computer runs an app thatpicks up the sound, analyzes it, and matches it with the user's logincredentials stored on it. The result gets sent back to SlickLogin'sserver, and the user is granted access to the website. It'sinteresting to see how where else this method can be implemented.Mobile apps are one possible frontier, as developers claim thatSlickLogin support can be added with just five lines of extra code.
Interestingly, One of SlickLogin's founders happens tobe a graduate of the Isreali Defense Force unit, and his partnershave plenty of security-related experience. When asked about possibleloopholes, they stated that "man in the middle" attacks areout of the question, as the data sent between devices is encrypted.Recording it for later usage is useless, as the audio is generatedrandomly at each login. Furthermore, the assailant's phone must haveyour login credentials stored on it to gain access to your account.
SlickLogin's founders expressed theirexcitement to join Google's efforts. They noted that the tech giant"was the first company to offer 2-step verificationto everyone – for free”. According to them, Google is ”workingon some great ideas that will make the internet safer for everyone.”Before its acquisition, SlickLogin worked on a proof of concept witha "major international bank". In this method, the phonerequired an internet connection, but the startup has a patent foroffline usage pending.