bit-tech.net

Google acquires SlickLogin

Google acquires SlickLogin

SlickLogin's audio-based challenge-response system is likely to appear in a future Android release, as the company is now a Google subsidiary.

Advertising giant Google has acquired SlickLogin, a start-up company which aims to replace passwords with an audio-based challenge-response system claimed to be inaudible to human ears.

Designed to solve the problem of memorising and entering numerous unique passwords for commonly-used sites without the security issue of storing said passwords on your computer, SlickLogin works by having the browser - typically running on a laptop or tablet - trigger an audio signal inaudible to human ears. This signal is picked up by a smartphone running the SlickLogin software, which generates its own signal and plays it back - completing a challenge-response login similar to that offered by smartcards or radiofrequency ID tags but without the need for special hardware.

'We started SlickLogin because security measures had become overly complicated and annoying,' the Israeli team claimed in its announcement of the acquisition. 'Our friends thought we were insane, but we knew we could do better. So we set out to improve security while still making it simple for people to log in.

'Today we're announcing that the SlickLogin team is joining Google, a company that shares our core beliefs that logging in should be easy instead of frustrating, and authentication should be effective without getting in the way. Google was the first company to offer 2-step verification to everyone, for free - and they're working on some great ideas that will make the internet safer for everyone. We couldn't be more excited to join their efforts.
'

Terms of the deal have not been disclosed, but Google is expected to wrap the technology into a future version of its Android operating system.

5 Comments

Discuss in the forums Reply
Flibblebot 17th February 2014, 13:38 Quote
Maybe I'm misunderstanding this, but am I right in thinking that this system doesn't actually prove that you're you, only that you're using your tablet/laptop or using an authorised tablet/laptop?
Gareth Halfacree 17th February 2014, 16:13 Quote
Quote:
Originally Posted by Flibblebot
Maybe I'm misunderstanding this, but am I right in thinking that this system doesn't actually prove that you're you, only that you're using your tablet/laptop or using an authorised tablet/laptop?
Technically, a password doesn't prove that you're you either. The system works by ensuring that anyone logging in to your account holds your phone. Given that you'd notice that your phone was missing if someone stole it, and anyone attempting to crack your account over t'net doesn't have your phone, it's pretty secure. Lock the app on the phone with a master password - something only you know, and a person stealing your phone doesn't know - et voila: you have two-factor authentication (something you know, and something you have.)

Google already has an application, Google Authenticator, which installs on your smartphone and acts as the 'something you have' portion of two-factor authentication - but it requires you to type in a six-digit number displayed on-screen within a short time period to work. Using SlickLogin, the difficulty in getting technophobic family members to use such a system goes away: there's no more "load the app, look at the numbers, QUICKLY TYPE THEM I... oh, you were too slow, OK, look at the new numbers, TYPE... no, number lock wasn't on, that's OK, look at the new number... no, you've loaded Facebook now, press the Home button and re-launch Authenticator... no, that's Angry Birds, press the Home Button again..." - just "press the SlickLogin (sorry, Google SlickLogin) button and hold the phone near your laptop/desktop/tablet."
Corky42 17th February 2014, 16:52 Quote
This sounds a little like that malware that used sound to repair it's self.
What happened with that, was it found to be a hoax ? or was the guy actually losing his marbles ?
Flibblebot 17th February 2014, 17:46 Quote
Quote:
Originally Posted by Gareth Halfacree
Technically, a password doesn't prove that you're you either. The system works by ensuring that anyone logging in to your account holds your phone.
That's the bit I missed. I was thinking the sound played out of a PC/tablet's speakers and was picked up by the same device. Having it played by one device and picked up by another makes much, much more sense! :D

So, it's more like an RSA key fob without the fiddly stuff of typing in the number because it's all automatic. In a sense, you still have the equivalent of the fob, it just does the awkward bit of typing for you.

Suddenly it all makes sense
Gareth Halfacree 17th February 2014, 17:58 Quote
Quote:
Originally Posted by Flibblebot
So, it's more like an RSA key fob without the fiddly stuff of typing in the number because it's all automatic. In a sense, you still have the equivalent of the fob, it just does the awkward bit of typing for you.
Presactly. It's a neat idea, although one I fear may end up limited to Google's own services. Which'd be a shame.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums