Over the weekend, Google acquired SlickLogin, a security startup that enables smartphone owners to log in to their PCs via an inaudible, high-frequency sound. SlickLogin can be used for two-factor authentication, but rather than shipping someone an RSA token, SlickLogin uses a smartphone app like Google Authenticator. Instead of forcing users to type in a long, constantly changing code, though, SlickLogin sends the authentication information via sound waves to a listening computer.
SlickLogin doesn’t just offer two-factor authentication; the sound waves can transmit user account information as well, meaning you could log in to a website by doing nothing other than holding your phone next to a computer.
This is mostly likely the feature that caught Google’s attention.
The Mountain View company has been out to kill the password for some time now. Previously, it experimented with authentication tokens in the form of a ring that could be tapped onto a computer or a USB stick.
The benefit of SlickLogin’s approach is that it doesn’t require additional hardware—most computers already have microphones, and every smartphone has a speaker.
The company launched just five months ago at TechCrunch Disrupt, (and TechCrunch was the first to report the acquisition) where it gave a demo of its technology and fielded questions from the judges. Each login uses a different sound key, so having someone record and play back the login sound won’t work. Everything is encrypted, and while an Internet connection is currently required, SlickLogin says it is working on an offline version.
If the device doesn’t have a microphone, SlickLogin can also work with NFC, Bluetooth, Wi-Fi, or QR codes.