Simplifying Password Security Through Sound: Google’s New Tech ‘Toy’

Feb 18, 2014 By Sarah Vonnegut

Passwords have taken on a bad name lately. In countless security breaches and incidents, they’ve been too easy to crack, too difficult to remember, not encrypted enough, the right way, or at all. We each login to so many different sites on a daily basis, with each one supposed to have its own unique password so that even people with photographic memories would have trouble remembering them all.

One Israeli-based security company, SlickLogin, thinks they’ve got the answer to the ‘Password Problem’– and with Google betting on them as their latest acquisition, they may be on to something. Their authentication technology uses inaudible, high frequency sounds to log in. The technology works this way: A site plays a sound through the computer speakers and an app picks up the noise, first analyzing it and then confirming your identity by sending the signal back to the computer.  It can be used both as a password replacement or a faster two-step verification method.

The company’s co-founders Or Zelig, Eran Galili, and Ori Kabeli, created their product with simplicity in mind. They announced SlickLogin’s new life on their site, writing:

“We started SlickLogin because security measures had become overly complicated and annoying. Today we`re announcing that the SlickLogin team is joining Google, a company that shares our core beliefs that logging in should be easy instead of frustrating and authentication should be effective without getting in the way.”

They noted that Google was the first to offer free 2-step authentication to the masses and that they’re excited to be on the Google team. All three founders spent over six years in the Israeli Defense Forces, working in the elite cyber security unit, and the SlickLogin team seems to have covered the security bases fairly well. Heavy encryption erases the risk of a man-in-the-middle attack; in addition, each sound is uniquely tied to the moment, so that if someone steals your phone, they wouldn’t be able to login to your accounts later using the same sound. Like most 2-step authentication processes, however, its’ Achilles Heel is that in order to use the extra security we must have the phone on us and charged in order to use it. It’s not perfect, but it’s a first step towards easier security.

Other big tech companies have been coming up with novel ideas for the Password Problem, as well. The FIDO Alliance, a non-profit working to change the nature of online authentication, was launched in 2012 and boasts a membership including Google, Microsoft, Lenovo, MasterCard, PayPal, RSA and others. The group is working on two different user experiences, much like SlickLogin; one version is password-less, and the other is two-step verification. Apple has also been improving its’ device security with the new Touch ID fingerprint sensors, and it was just announced that the new Galaxy S5 will feature a fingerprint sensor of its’ own. Novel authentication technologies have ranged from voice patterns to hand gestures to body odors, so there is hope that easier ways of logging in are on the horizon. Google’s latest move may very well be the beginning of the end of the pesky password.

What do you guys think: Are you considering/Would you consider implementing a sound verification system for your company authentication process?

Read more about Google’s latest acquisition, including a demo video, at TechCrunch.

The following two tabs change content below.
Sarah is in charge of social media and an editor and writer for the content team at Checkmarx. Her team sheds light on lesser-known AppSec issues and strives to launch content that will inspire, excite and teach security professionals about staying ahead of the hackers in an increasingly insecure world.

Latest posts by Sarah Vonnegut (see all)

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.