Passwords have always been the weakest link in network security, so security experts are working rapidly to shape a brave new password-free world. Big technology companies and consortiums are working to eliminate passwords from today’s security equation and to replace them with browser authentication, SIM card authentication and other identity management tools. Initiatives like Fast IDentity Online (FIDO) and GSMA’s Mobile Connect demonstrate ways tech companies are taking authentication beyond the password.
Security starts with an investment in today’s best network security tools and an understanding of the future of cyber security, where network security is both effective and easy to use. Google’s recent acquisition of Israeli startup SlickLogin shows tech giants are betting their money on a password-free future. They’re also betting on innovative solutions that make security simple.
SlickLogin’s Sound Authentication Solution
Many sound authentication techniques have relied on biometric markers, such as the sound of an individual’s voice. However, because a biometric voiceprint may be vulnerable to sound recording, SlickLogin developed a sound authentication solution that does away with voiceprint identification.
When an end user visits a website, SlickLogin causes the user’s computer to generate a sound undetectable by the human ear. The computer generates a unique sound for every login session. An app in the user’s mobile phone detects the sound and sends it to SlickLogin for authentication. Google paid an undisclosed sum (which is usually business speak for “a lot”) for the company because SlickLogin provides certain advantages over current authentication technology:
- No passwords. Users don’t have to worry about remembering a password or about juggling multiple passwords. They also don’t have to worry their passwords will be lost or stolen. With SlickLogin, passwords could become blissfully extinct.
- Simple authentication. Two-factor authentication adds more security to the login process, but other versions add an extra layer of time and inconvenience. For example, waiting for a website to generate a code and send it to a user’s mobile phone adds more security, but it also delays login and makes many users impatient. SlickLogin keeps the security factor, but cuts out the delays and the extra steps.
- Flexibility. Users can incorporate SlickLogin as a single-login security solution, or they can add the sound authentication as a second step in a two-factor authentication process.
Making Two-Factor Authentication Simple
Security experts use cybersecurity solutions based on any of three elements: something the user possesses, something the user knows or something the user is. Two-factor authentication requires the user to provide two of the three elements before granting admission into a network. For example, a trip to the ATM is an exercise in two-factor authentication: the account holder provides something she has (an ATM card) plus something she knows (her PIN). Security professionals talk about network security and device security every day, so it’s often hard for them to fathom how little the public understands about two-factor authentication. However, 72 percent of people in the U.S. cannot explain what the terms “two-factor authentication” or “two-step authentication” mean, according to a survey conducted by Tyntec and YouGov.
Companies like Twitter, Evernote and Google offer two-factor authentication via SMS. A user provides a username and password to Twitter, and Twitter sends a one-time code via text message for the user to enter in a third field. Unfortunately, many companies don’t do a good job of promoting two-factor authentication and emphasizing how easy it can be. Although two-factor authentication via mobile SMS is easiest for companies, many customers dislike sharing their mobile numbers, citing fears of spam texts and unauthorized telemarketing. Solutions like SlickLogin can alleviate both inconvenience and privacy concerns. SlickLogin could also fulfill the security professional’s dream of making access control simpler.
What’s Next for SlickLogin
SlickLogin’s founders developed their idea, presented it at TechCrunch Disrupt in September 2013, formed their company in December 2013 and made the sale to Google in February 2014. The founders had previous worked for the Israeli Defense Forces cyber security unit, and they will now join Google’s global security team. It’s a Cinderella-like outcome for a startup less than two months old, and their sound authentication technique could become a major catalyst for two-factor authentication adoption.
Photograph by Jaer