Google acquires sound authentication start-up SlickLogin

SlickLogin logoGoogle has acquired SlickLogin, an Israeli security startup.

The company, formed by three graduates from the Israeli Defence Forces, develops alternative means of web-based authentication, focusing on sound waves as a means of verifying a user’s identity.

SlickLogin confirmed the deal on its website, though the exact terms remain undisclosed. A statement from the company says:

Today we're announcing that the SlickLogin team is joining Google, a company that shares our core beliefs that logging in should be easy instead of frustrating, and authentication should be effective without getting in the way. Google was the first company to offer 2-step verification to everyone, for free - and they're working on some great ideas that will make the internet safer for everyone. We couldn't be more excited to join their efforts.

Alternative, and secondary, methods of verifying users are becoming more and more commonplace. Many businesses, especially those in the financial sector, have introduced additional account safeguards such as one-time passwords and code-producing gadgets.

In the more traditional physical security environments, such as airports, we have seen the introduction of various types of biometrics including the use of fingerprints, retina scans and even the detection of unique body odours.

Each of these methods of authentication has its potential pitfalls, which is why Google may have taken an interest in SlickLogin with its novel approach to authentication.

Using a device that is widely-owned and highly portable, the process begins by verifying your smartphone’s location. This can be achieved via a variety of protocols including GPS, Wi-Fi, NFC and Bluetooth, amongst others.

Once it has been determined that your smartphone is in the vicinity of your computer or laptop, a unique and inaudible sound will be emitted by the computer’s speakers. An app on your smartphone then picks up that sound via its microphone and authenticates that it is actually you (or at least your phone at any rate) and logs you into the site you were attempting to access.

The company’s founders – Or Zelig, Eran Galili and Ori Kabeli – believe they have covered any security concerns that may be applied to SlickLogin, telling TechCrunch:

Everything is very heavily encrypted, so man in the middle attacks are out. You can't record the audio signal and just play it back later, as the audio is uniquely tied to that moment. You can't just hold your phone up to someone else's audio signal (or grab it from across the room with a directional mic) in hopes of getting logged in to their account before they do; your phone wouldn't have their login credentials stored on it, and that crucial bit isn't wrapped into the sound. If anything, you’d just log them in to your own account.

The team behind SlickLogin will now continue to work on security and authentication technology as part of an existing team in Google’s research and development centre in Israel.

I will be watching with interest to see how Google makes use of its newly acquired technology.