Google acquires audio ID startup SlickLogin

Google has acquired Israeli startup SlickLogin, which enables online services to authenticate a user with sound waves

Google has acquired Israeli startup SlickLogin that has developed technology that enables online services to authenticate a user with sound waves.

SlickLogin confirmed the acquisition on its website but did not provide any financial details of the deal.

Online services that use SlickLogin play a unique sound inaudible to humans over a user’s computer speakers which is picked up by the SlickLogin smartphone app and sent back to confirm identity.

SlickLogin's technology uses a combination of protocols, including Wi-Fi, Bluetooth and QR to verify that a user's smartphone is in the same location as the computer being used to access to the online service.

The technology’s creators claim it offers “military-grade” security as everything is heavily encrypted and the sound transmissions will work only with the user’s smartphone at a particular moment in time.

According to the firm’s website, SlickLogin’s three founders are recent graduates of the Israeli defence force’s elite cyber security unit, and have more than six years’ experience working on cutting-edge information security projects.

The technology can be used either as a replacement for a password or as an additional security layer to enable two-factor authentication.

Google was one of the first online firms to offer two-factor authentication to users, with several others following suit in light of several high-profile leaks of usernames and passwords.

Most two-factor authentication systems in use rely on one time pass cards sent via text message or codes generated by tokens or other special gadgets.

However, text-based systems are vulnerable because if hackers compromise accounts they can change the mobile number set to receive the codes.

SlickLogin eliminates this vulnerability and does not require users to carry around a separate gadget for generating codes as used by some UK banks.  

Some analysts expect Google to use the technology to enable two-factor authentication for Android devices and all Google services.

The acquisition is consistent with Google’s goal to enable easier, more-secure online authentication.

In October 2013, Google confirmed that it is planning a two-factor authentication token, and the firm is also a member of the  Fast IDentity Online (Fido) Alliance.

The alliance is an open industry consortium set up to develop standards for simpler, stronger authentication and recently published draft technical specifications for a new authentication protocol.

The Online Security Transaction Protocol could eliminate the use of passwords in the future by enabling the interoperability of a variety of multi-factor identity checks.

These include include biometrics, Trusted Platform Modules (TPMs), USB security tokens, embedded secure elements (eSEs) and smart cards.

Read more on Identity and access management products