Google

Google buys SlickLogin: Can sound waves solve the authentication problem?

Google recently acquired Israeli startup SlickLogin, which uses sound waves as a security layer for two-factor authentication. Here's why it matters.

 

slicklogin
 Still reeling from a recent security breach that left nearly 55,000 Google accounts compromised, Google has acquired an Israeli security startup called SlickLogin that uses sound waves to add another layer of security to login authentication. The company was founded about a year ago by three graduates of the Israel Defense Forces' cybersecurity unit.

SlickLogin's technology emits a high-frequency sound from a user's smartphone. A user simply places their phone next to their computer and they will be able to log in. The sound wave technology can be used as a single authentication measure, or can be used as one part of two-factor authentication for even stronger security.

Interestingly enough, SlickLogin never even made it to market. According to Nimrod Kozlovski, a partner at Israel-based JVP Cyber Labs, it seems they went straight to acquisition.  

"SlickLogin was known only in the cyber experts community and not known to the public. They only recently announced their product and were bought prior to any market penetration or major investment. It is uncommon that a company is acquired at such [an] early stage by a multinational corporation," Kozlovski said.

Security startups are gaining traction worldwide, but cybersecurity startups are especially big in Israel right now. With GE announcing its early investment in Thetaray and IBM purchasing Trusteer, it's becoming a common occurrence for multinational companies to step into the startup space in Israel. Even Prime Minister Benjamin Netanyahu declared: “Beersheva will be the new cyber capital of Israel.”

It seems that Google is working to beef up its security measures across the board. In January, Google purchased Impermium, a startup focused on eliminating spam and online fraud. According to TJ Keitt, senior analyst at Forrester, authentication is a major issue for Google.

"It's a multi-factor authentication play, which has always been an important question for prospective Google Apps customers. In some heavily regulated fields, IT leaders are required to put certain levels of security around systems containing potentially sensitive information. So, some early Google efforts to address this have been forcing users to use PINs sent to mobile devices (something they'd made available in the consumer market).

"But with the increasing diversity of devices available on the market, and IT departments not necessarily exercising full control over these devices, two-factor authentication with mobile devices could be compromised," Keitt said.

No one can say definitively what Google will use the SlickLogin technology for. They could absorb the company and mix it into their secret sauce, or they can further invest in, and develop, the technology to use it to make Android and/or Chrome devices more secure.

Some factors that could point to absorption are the fact that SlickLogin's CEO Or Zelig has already changed his job title on LinkedIn to "Product Manager at Google" and the SlickLogin site quickly changed its contact email to press@google.com. According to Gartner's Ant Allan, this acquisition could help with the move toward a more "frictionless" user authentication experience.

"SlickLogin reduces the work a user has to do to authenticate compared against OTP hardware tokens, OTP apps, and other OOB authentication methods, for example. It is not the only solution that does so. In the mid to long term, we expect an increase in adoption of user authentication methods that are essentially passive (recognition technologies). SlickLogin is a step in the right direction (as long as it is as secure as it needs to be!)," Allan stated.

Up to this point, Google's main argument for the use of products like Chromebooks was that they were comparable to their Windows counterparts.  With the addition of new security measures, like those offered by SlickLogin and Impermium, Google could be making the push to offer their products as a better, more secure, alternative to Windows.

Also see

About

Conner Forrest is a Staff Writer for TechRepublic. He covers Google and startups and is passionate about the convergence of technology and culture.

4 comments
Jgibson987
Jgibson987

Slick Login is pretty neat technology but I think Google could have done their research a little better and found other 2fa companies who haven't quite "made it to market." The main issue I have with 2fa solutions is the usability factor. I don't want to take my phone out of my pocket every time I need to login to something. So Slick Login is convenient in the aspect that you don't have to type in any extra passwords... but you still have to take your phone out of your pocket and place it next to your computer for it to work properly. I found this awesome 2fa solution through my password manager (LastPass) called Toopher and I want the whole world to know about it. It is hands down the most usable 2fa solution that I have tried. They offer an automation feature (for people like me who don't want to do ANY extra steps) that makes the authentication process completely natural and hassle free to me. Once I set up my locations I don't have to take any extra steps... the authentication happens in my pocket. Pretty neat technology. I wish it was offered in more places.

Dusty Studebaker
Dusty Studebaker

How will it differentiate between a live voice and a recording?

Jgibson987
Jgibson987

I think they use sounds waves? Not sure if you can record sound waves? But that would be a huge vulnerability if you could. Interesting point.

bblinn
bblinn

@Jgibson987 Perhaps you've heard of Thomas Edison. He invented the phonograph in 1877. It records sound waves.

Editor's Picks