Google seems to have no shortage of cash, and they equally seem to have no shortage of interest in buying up interesting companies doing great things in all facets of technology. Their latest purchase is SlickLogin, and this one really is a doozie. SlickLogin, a company that’s just 5 months old, specializes in coming up with interesting, innovative and secure ways to unlock devices or log in to services.
But the most interesting part of their portfolio is audio authentication. To hear them tell it, the process consists of a website playing an audio file — maybe one that’s inaudible to the human ear — that is to be picked up by a nearby phone. The phone will analyze the audio file being played and will send word back to the website that you are who you say you are.
The system also uses all sorts of other methods to help triangulate location, including Bluetooth, WiFi, GPS, and more. This is done mainly because they’ll want to verify that your phone and your PC are at least in the same general vicinity before allowing the method to log you in).
It doesn’t sound like a strong method on its own, though SlickLogin suggests their solution is secure enough for sites to use it as a standalone method of signing in if they wanted. That said, SlickLogin has always contended that their system is best used as part of a multi-step authenticator, so it’ll be interesting to see if it ultimately becomes another part of Google’s already secure suite of tools for secure logins.
Wondering about how secure this method is? There are a few things to keep in mind about SlickLogin’s system:
- Everything is heavily encrypted, from the audio file to the credentials being transferred.
- The audio file played is unique to each login, so no one will be able to login using a recording.
- Information about the credentials are never stored in the audio file.
- Credentials are stored in secure locations on your phone and your phone alone, so someone else can’t pickup your audio file and log into your account.
After all that, the only way anyone should be able to log into your account is if they have physical access to your phone near your computer. And for added peace of mind, you’d probably be interested to know that the trio of engineers who worked on this are part of the Iranian Defense Force’s elite cyber security unit, so their credentials are quite hefty.
It’s hard to visualize the concept without anything tangible, of course, so we’ll have to wait and see how Google puts the team to work before getting a sense of it for ourselves. We’re curious to know if any of you would be interested in using something like this with, say, your Android phone to log into your Google accounts, or whatever it is Google hopes to do with the technology. Let us know how you feel about all of this in the comments below.
[via SlickLogin]
Can someone give me the Sesame Street version of how this will improve my user experience on my Nexus.
It won’t do anything for your phone. Your Nexus will simply be a security interface for using your computer.
@netguru2000:disqus
I think it is less for your Nexus and more for the web (based on what is already developed and described above). For example, I have 2-step verification on my google account, so when I am logging in to Gmail from a computer, I can’t just provide a password. I also pull up an app on my Nexus that provides a temporary pin number that must be provided before I can access my google account. With this technology, presumably I wouldn’t need that additional step because instead my computer could communicate directly with my phone and authenticate itself. This could probably be used as a primary security setting or secondary (as in the case of 2-step authentication).
Sounds like a cool concept. :o