By now nearly everyone is in agreement that passwords are not the safest way to authenticate users. They can be hacked, cracked and sometimes are literally as simple as ABC, so there’s been a great effort from the bigger technology companies to replace generic passwords with something that’s a lot more harder to crack, if not impossible.
We have seen many concepts and ideas being floated about. Biometrics have been preferred, but can be cumbersome to implement in mobile devices, with the exception of the elegant solution in the iPhone 5s. Motorola has been talking about tattoos and skin implants that could replace passwords. And late last year, an Israeli startup SlickLogin showed off its sound-based verification system at TechCrunch’s Disrupt SF 2013 Battlefield.
Fast forward to 2014 and Google has now purchased SlickLogin in an acqui-hire deal that will see the Israeli startup’s team move to Google’s offices and continue their work. So what exactly does SlickLogin’s technology do that had Google so interested in acquiring it. To put it simply, it relieves the user of the burden of having to enter pins and passwords for two-factor authentication. Currently Google's two-step process involves a mobile phone where an SMS code is sent to authenticate users. As the TechCrunch profile explains, SlickLogin can be used as the second level in a two-step verification process (i.e instead of the SMS) or can replace the whole username-password method altogether.
Whenever you visit a website with a SlickLogin-enabled login process, all you need to do is click on the login button and place your phone near the computer. SlickLogin will first verify your phone’s position to determine that this is not an attempt at fooling the system. This includes various factors such as Wi-Fi, Bluetooth, NFC, or GPS.
But the slick login system (get it?) comes from the use of unique sounds that are inaudible to the human ear. When the computer plays the sound through its speakers, an app on your smartphone can recognise it and authenticate the login.
It’s said to be secure as each time the sound generated is completely unique and won’t be replicated for a particular app. The creators also say that since login data is stored on your phone, anyone trying to hack into your account by intercepting the uniquely-generated sound before it reaches your phone, will most likely end up giving you access to their account, rather than having access to yours. App developers can make use of the SlickLogin method by adding a few lines of code to their existing app, so there’s no need for extra hardware.
Published Date: Feb 17, 2014 04:52 pm | Updated Date: Feb 17, 2014 04:52 pm