New Tech Pairs Cellphone, Sound for Secure Logins
If Google's latest acquisition is any indication, sound could be the key to enhanced login security.
Set up by former members of the Israeli military, SlickLogin is based around high-frequency tones, virtually inaudible to the human ear. In theory the system could be used as the main way to log in to a site, but Google seems more likely to use it for two-factor authentication.
The idea of two-factor authentication is to combine two different types of security measure: something you know, and something you have. With the system Google already uses, the 'something you know' is your user name and password, while the 'something you have' is a cellphone. (Source: wsj.com)
Google's Two-Factor Authentication: Current
At the moment, Google's two-factor authentication can be bypassed if a user logs into their system using the same PC on a regular basis. Presumably this is done using a tracking mechanism, such as web browser cookies.
If the same user moves to another (remote) location, Google will then send a text message security code via the users' cell phone. Once the code is received, it is input into the computer in addition to a password, thus enabling two-factor authentication.
The idea is that even if a third-party gets hold of your password (through Spyware, or hacking, for example), they'll still need physical access to either your computer or your phone to get into your account, or the login simply won't work.
There are limitations to such a system, however. One is having to wait for a text message for each and every login; the wait time can be irritating, and therefore puts users off from using the system.
SlickLogin Speeds up Authentication
Google thinks the SlickLogin system could be a way round that, as it works almost instantly. (Source: slicklogin.com)
To use the system, the user must have a smartphone with a special application and register the account. When the user tries to login from an unfamiliar location, the system requests the user hold the smart phone next to the computer's speakers.
The computer will then emit a unique tone that changes with every login attempt. The phone will input the tone, convert it into a digital code, and send a message back to SlickLogin to confirm reception, thus permitting login.
The tone only works one time and only with a specific phone and account. If the security sound is captured by a third-party, it is rendered useless.
SlickLogin: Caveats
There are caveats in using such a system. One is that it can only work with smartphones that have a microphone.
Secondly, it also only works if the speakers on the computer are switched on, something that might not be applicable (if for example, a user is in an Internet cafe and the PC does not have speakers).
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 20 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.
Comments
RE: cell phone, sound, & security . . .
Hello, all.
Is it just me?
I thought this would be about a program to secure my cell phone, using sound.
Seems like a good idea, since a cell phone needs good security, already has a microphone, AND a microprocessor & RAM. What would would it take to get voice recognition on a cell/smart phone, anyway?
I think I smell a GREAT app!
Have a GREAT day, Neighbors!