News

Google acquires audio ID startup SlickLogin

Warwick Ashford Monday 17 February 2014 08:58

Google has acquired Israeli startup SlickLogin that has developed technology that enables online services to authenticate a user with sound waves.
SlickLogin confirmed the acquisition on its website but did not provide any financial details of the deal.

Online services that use SlickLogin play a unique sound inaudible to humans over a user’s computer speakers which is picked up by the SlickLogin smartphone app and sent back to confirm identity.
SlickLogin's technology uses a combination of protocols, including Wi-Fi, Bluetooth and QR to verify that a user's smartphone is in the same location as the computer being used to access to the online service.
The technology’s creators claim it offers “military-grade” security as everything is heavily encrypted and the sound transmissions will work only with the user’s smartphone at a particular moment in time.
According to the firm’s website, SlickLogin’s three founders are recent graduates of the Israeli defence force’s elite cyber security unit, and have more than six years’ experience working on cutting-edge information security projects.

More on authentication

• IT industry group releases password-killing standard
• Password-based authentication: A weak link in cloud authentication
• Biometrics key to frictionless authentication, says BioCatch
• Alternative authentication: New authentication methods for enterprises
• Risk-based authentication (RBA)
• Multifactor authentication (MFA)
• Best of authentication 2012
• Master VMware identity authentication strategies
• Biometric authentication methods: Comparing smartphone biometrics

The technology can be used either as a replacement for a password or as an additional security layer to enable two-factor authentication.
Google was one of the first online firms to offer two-factor authentication to users, with several others following suit in light of several high-profile leaks of usernames and passwords.
Most two-factor authentication systems in use rely on one time pass cards sent via text message or codes generated by tokens or other special gadgets.
However, text-based systems are vulnerable because if hackers compromise accounts they can change the mobile number set to receive the codes.
SlickLogin eliminates this vulnerability and does not require users to carry around a separate gadget for generating codes as used by some UK banks.
Some analysts expect Google to use the technology to enable two-factor authentication for Android devices and all Google services.
The acquisition is consistent with Google’s goal to enable easier, more-secure online authentication.
In October 2013, Google confirmed that it is planning a two-factor authentication token, and the firm is also a member of the  Fast IDentity Online (Fido) Alliance.
The alliance is an open industry consortium set up to develop standards for simpler, stronger authentication and recently published draft technical specifications for a new authentication protocol.
The Online Security Transaction Protocol could eliminate the use of passwords in the future by enabling the interoperability of a variety of multi-factor identity checks.
These include include biometrics, Trusted Platform Modules (TPMs), USB security tokens, embedded secure elements (eSEs) and smart cards.

Related Topics: Identity and access management products, IT for utilities and energy, IT for consulting and business services, IT for transport and travel industry, Technology startups, IT for manufacturing, IT for charity organisations, IT for telecoms and internet organisations, Privacy and data protection, IT for leisure and hospitality industry, IT for small and medium-sized enterprises (SME), IT for government and public sector, IT suppliers, IT for retail and logistics, IT for media and entertainment industry, Hackers and cybercrime prevention, Healthcare and NHS IT, IT for financial services, VIEW ALL TOPICS

Read More

• Related content from ComputerWeekly.com

  • Twitter strengthens login security after hacker attack
  • Do two-factor authentication vulnerabilities outweigh the benefits?
  • How to address password change frequency, reuse for third-party apps
  • Two-factor authentication options, use cases and best practices
  • Schneier: 'Two-factor security is not our saviour'

• RELATED CONTENT FROM THE TECHTARGET NETWORK

  • Information security podcasts: 2009 archive
  • Speaking of VoIP with Russ Shaw