16
Feb
sllogo

An international mega-corp like Google buys companies like the rest of us buy coffee. Google's latest latte is SlickLogin, a startup that aims to make authentication simpler and safer by using sonic login codes on phones. The details of the purchase aren't public just yet, but SlickLogin's site confirms that "the [team] is joining Google."

323631v1

SlickLogin's system is unique: it uses a cell phone as an authentication key with the help of nearly-silent audio codes sent via computer speakers. When you access a site or service with SlickLogin, your computer speakers send out a series of tones and pitches. Your phone picks up the nearly inaudible signal, then confirms the code with SlickLogin's servers. No passwords are necessary. This creates a very basic login system that's almost entirely passive once set up. SlickLogin has been featured at startup events and partnered with at least one bank for a proof-of-concept, but the website doesn't show any active partnerships. TechCrunch has more information and a video on SlickLogin from Disrupt 2013. The company's contact information is being forwarded to Google's Tel Aviv office.

The application for Google's own services is obvious. A seamless way of logging into existing services (and/or making them more secure with an easy two-factor authentication system) could be a big boon. Then again, this could always be a talent buy or "acqhire" of SlickLogin's three founders, all veterans of the Israeli Defense Force's cyber security team. At the moment it isn't clear whether or not SlickLogin will continue to operate as a separate entity a la Waze, but considering the company's relatively small size and reach, I wouldn't bet on it.

Source: TechCrunch

Michael Crider
Michael is a native Texan and a former graphic designer. He's been covering technology in general and Android in particular since 2011. His interests include folk music, football, science fiction, and salsa verde, in no particular order.

  • Brendan

    I could see those even working from phone to phone for sharing things via a peer to peer network.

    • uberfu

      Kind of like how PGP and NFC work now. Awesome one more annoying protocol to keep up with.

      Just start using higher grade encryption.

  • Bluewall

    This is a very cool way to have some security !

  • Fry

    This sounds awesome.

  •   

    "like the rest of us by coffee"

    • http://thegumshoe.com/ Michael Crider

      No. But I've found that my family's traditional breakfast of pancakes and bourbon is not conducive to writing.

      • Wyatt Neal

        Then apparently your family isn't adding enough bourbon.

  • uberfu

    Computer code based - it's hackable.

    • Andrei

      So are passwords, which are also much more common and usually short and obvious.

    • Brendan Dillon

      Everything is hackable.

  • Matt Shindala

    What's to stop someone from creating an app that listens to these tones, and then a hacker walking into a public area and picking up a bunch of passwords?

    • xriderx66

      Hackers don't leave their basements.

      • abobobilly

        When they do, they'll be branded as terrorists.

        Just an observation.

        • Heather David

          What's to stop them is that the sound is based on timings, a la one time password authentication.

    • Wyatt Neal

      First off, yes, basements are definitely a good stop gap measure, but they've been learning to adapt for many years now so it's likely not a good long term solution.

      What's to stop them is that the sound is based on timings, a la one time password authentication. Check out the Techcrunch article where they dug into it a little more: http://techcrunch.com/2013/09/09/slicklogin-wants-to-kill-the-password-by-singing-a-silent-song-to-your-smartphone/

    • ERIFNOMI

      It won't be a static sound that's unique to you. They should be one time use codes.

  • Roger Siegenthaler

    Seems to work almost exactly like PhotoTAN does, except PhotoTAN doesn't require your second device (your smartphone) to be connected to the internet.

    I've never actually seen it used outside of my bank though. http://www.raiffeisen.ch/web/phototan

  • http://www.bordersweather.co.uk/ Andy J

    Having watched the video Engadget posted about this, I am not convinced about this yet.
    First - it apparently works without unlocking the device or launching any apps - which means the phone must be constantly listening for the signal from the computer - this will surely have an impact on battery. Second - the long term aim (and they have demoed it working) is to replace passwords - this technology will replace the entire login chain - meaning if your device is lost/stolen the person who has your device has your entire login.
    As a 2factor method it is interesting, but I'd rather have to launch the app.

  • David Thoren

    Err... this service sounds cool (no pun intended...), but I don't really see a major benefit to it... just use the already existing google authenticator. And what about people like me that just use headsets? Will I then have to do some sort of phone & headset yoga to get the sounds recognized? My computer is speaker-less.

  • Tim Harper

    This seems like a hugely exploitable option that websites could use for malicious purposes. I think a more audible sound would be more secure, as long it was dynamic, so the user knows when the log-in is happening.

  • moire

    But what if the computer didn't have speakers ?

  • Matthias

    But how do you log in on your PC when your phone is not around? And how do you log in on your phone when your computer is not around?

    • Iwanasay

      As in stolen

      • Matthias

        Or as in "simply not lying around", or maybe "battery died"...

        And what if I want to log in on my phone, without any PC?

    • rodney

      You try to login and click the login button, but your cell phone is not with you. There is a person who has a cell phone sitting next to you, and he/she gets a notifying message saying: do you want login?
      Man, if I click the button all the time, then all the people around me would be bothered with such a notification?

  • rodney

    What if there are multiple cell phones close to the computer? Which person would login?