Google has officially acquired Israeli security startup SlickLogin and, we admit, their oft-discussed technology is pretty cool. SlickLogin focuses on using sound waves to give users a means of authenticating into websites they frequent.
Sounds crazy? It's a fairly novel concept, we admit, and one that must have caught Google's attention fairly quickly. SlickLogin's technology first went into closed beta in September of last year and now, just five months later, the company has been bought out in a transaction whose details remain undisclosed.
"Today we're announcing that the SlickLogin team is joining Google, a company that shares our core beliefs that logging in should be easy instead of frustrating, and authentication should be effective without getting in the way. Google was the first company to offer 2-step verification to everyone, for free - and they're working on some great ideas that will make the internet safer for everyone. We couldn't be more excited to join their efforts," reads a post on SlickLogin's website.
It remains to be seen if, or how, Google might add the company's work to its lineup of web services — and perhaps even the Android operating system itself. If it does, it could make for a novel new way to authenticate into Google-based apps.
SlickLogin's technology uses a combination of protocols to start the authentication process. WiFi, Bluetooth, or QR codes – to name a few – are used to verify that, yes, a user's smartphone is located somewhat near one's active desktop or laptop computer. After that, it gets fun: The computer emits a unique high-frequency, sound wave out of its speakers. A smartphone app recognizes the sound and authenticates that it's actually you and your phone attempting to log into your credentials. Once it verifies you, your smartphone sends the green light to the site you were attempting to log into and off you go.
Those with fairly active technological imaginations can likely conjure up a host of possible ways that this play-a-sound login technology could go wrong. However, SlickLogin claims to have these issues under control. As reported by TechCrunch in September of last year:
"Everything is very heavily encrypted, so man in the middle attacks are out. You can't record the audio signal and just play it back later, as the audio is uniquely tied to that moment. You can't just hold your phone up to someone else's audio signal (or grab it from across the room with a directional mic) in hopes of getting logged in to their account before they do; your phone wouldn't have their login credentials stored on it, and that crucial bit isn't wrapped into the sound. If anything, you'd just log them in to your own account."
Of course, if somebody actually gets their hands on your smartphone, you're hosed. Still, at least SlickLogin's treatment lessens the amount you have to do, or type in, in order to access your favourite two-factor-secured sites.