Google has acquired Israeli startup SlickLogin that has developed technology that enables online services to authenticate a user with sound waves.
SlickLogin confirmed the acquisition on its website but did not provide any financial details of the deal.
Online services that use SlickLogin play a unique sound inaudible to humans over a user’s computer speakers which is picked up by the SlickLogin smartphone app and sent back to confirm identity.
SlickLogin's technology uses a combination of protocols, including Wi-Fi, Bluetooth and QR to verify that a user's smartphone is in the same location as the computer being used to access to the online service.
The technology’s creators claim it offers “military-grade” security as everything is heavily encrypted and the sound transmissions will work only with the user’s smartphone at a particular moment in time.
According to the firm’s website, SlickLogin’s three founders are recent graduates of the Israeli defence force’s elite cyber security unit, and have more than six years’ experience working on cutting-edge information security projects.
More on authentication
- IT industry group releases password-killing standard
- Password-based authentication: A weak link in cloud authentication
- Biometrics key to frictionless authentication, says BioCatch
- Alternative authentication: New authentication methods for enterprises
- Risk-based authentication (RBA)
- Multifactor authentication (MFA)
- Best of authentication 2012
- Master VMware identity authentication strategies
- Biometric authentication methods: Comparing smartphone biometrics
The technology can be used either as a replacement for a password or as an additional security layer to enable two-factor authentication.
Google was one of the first online firms to offer two-factor authentication to users, with several others following suit in light of several high-profile leaks of usernames and passwords.
Most two-factor authentication systems in use rely on one time pass cards sent via text message or codes generated by tokens or other special gadgets.
However, text-based systems are vulnerable because if hackers compromise accounts they can change the mobile number set to receive the codes.
SlickLogin eliminates this vulnerability and does not require users to carry around a separate gadget for generating codes as used by some UK banks.
Some analysts expect Google to use the technology to enable two-factor authentication for Android devices and all Google services.
The acquisition is consistent with Google’s goal to enable easier, more-secure online authentication.
The Online Security Transaction Protocol could eliminate the use of passwords in the future by enabling the interoperability of a variety of multi-factor identity checks.
These include include biometrics, Trusted Platform Modules (TPMs), USB security tokens, embedded secure elements (eSEs) and smart cards.