Google Thinks It Can Replace Passwords With Inaudible Sounds Only Your Phone Can Hear
Google has acquired SlickLogin, an Israeli startup that has developed an ingenious solution to the pain-in-the-butt that is “two-factor authentication” (when you have topunch in your password and a code from a text message on your phone to access a web site or app).
The company lets your phone “listen” to a web site, and the confirmation of the unique inaudible sound confirms it’s you trying to get access, not a hacker in a remote location.
You’d never need a password again — just hold your phone near your computer.
Cult of Android explains it best:
Here’s how SlickLogin works. You visit a site that supports SlickLogin. Instead of entering a name or password, you simply hold your smartphone close to the laptop or computer you’re using, and entry is granted.
The sound code is different each time, so person requesting access has to be in the room every time — hackers can’t do that.
What’s really happening is that the web site is playing a sound, which is encrypted data encoded into ultra-sonic (higher than human hearing) sound. Your phone hears it, and sends the data back to the SlickLogin servers. That’s the authentication.
SlickLogin launched at Disrupt five months ago. Here’s a message from the founders:
We started SlickLogin because security measures had become overly complicated and annoying.
Our friends thought we were insane, but we knew we could do better. So we set out to improve security while still making it simple for people to log in.
Today we’re announcing that the SlickLogin team is joining Google, a company that shares our core beliefs that logging in should be easy instead of frustrating, and authentication should be effective without getting in the way. Google was the first company to offer 2-step verification to everyone, for free – and they’re working on some great ideas that will make the internet safer for everyone. We couldn’t be more excited to join their efforts.