Death To Typed Passwords? Google Acquires SlickLogin Which Sings Authentication
SlickLogin is an Israel based startup, which plans to disrupt the authentication mechanism normally used on the Internet. It was launched at the Disrupt SF 2013 Battlefield last year, and sensing the immense benefits this app offers, Google has decided to acquire the company.
SlickLogin posted an update on their website, confirming this news.
What is the idea?
Normally, when you visit a website which needs authentication (example emails, social media networks etc), you put in a password which is sometimes authenticated by an external password via mobile (example being Gmail). But with SlickLogin, both of these methods would be things of past.
Imagine you have installed SlickLogin app on your mobile, and you have just visited a website which has SlickLogin enabled verification process. Now, when you click on the “Login” button on the website, your computer will emit a very low frequency sound which will be picked up by the app in your mobile; and your login is completed!
This type of login process can also be used as a secondary layer above the primary password based authentication process. But this authentication system is so powerful that password based verification can be completely removed.
What happens internally?
The secret sauce of this process is the extremely low frequency sound produced by your computer, which only your mobile can hear (via the app). No human ear can detect the sound, making it impossible to hack.
Further, as the computer is generating a unique sound everytime, cracking this app becomes very tough. It also uses GPS technology to match your location, as a further security layer. Once the sound and the app matches the configuration, you are let in.
In case your company already has an app, then SlickLogin mechanism can be embedded into your own app by adding 5 lines of code. This makes it even more easy to adapt, and hence, extremely scalable.
Dangers?
Obviously, the biggest danger arises when your phone is stolen and then anybody can gain access to any website protected by this unique mechanism. But the founders of SlickLogin state that once your phone is stolen, everything connected with it is anyways compromised, which doesn’t make it a bigger threat.
But yes, one feature which needs some changes is the ability to authenticate any website, without even unlocking your phone. The app is programmed to detect this special sound in the unlocked state as well.
It is assumed that the development team, which would now work at Google campus, is sorting out the differences and issues and testing is on. Reportedly, talks are on with one major International Payment gateway to embed SlickLogin mechanism on their payment systems as well.
What do you think about this new password killer? Will it work? Please share your views by commenting right here!