New Tech Pairs Cellphone, Sound for Secure Logins

John Lister's picture

If Google's latest acquisition is any indication, sound could be the key to enhanced login security.

Set up by former members of the Israeli military, SlickLogin is based around high-frequency tones, virtually inaudible to the human ear. In theory the system could be used as the main way to log in to a site, but Google seems more likely to use it for two-factor authentication.

The idea of two-factor authentication is to combine two different types of security measure: something you know, and something you have. With the system Google already uses, the 'something you know' is your user name and password, while the 'something you have' is a cellphone. (Source:

Google's Two-Factor Authentication: Current

At the moment, Google's two-factor authentication can be bypassed if a user logs into their system using the same PC on a regular basis. Presumably this is done using a tracking mechanism, such as web browser cookies.

If the same user moves to another (remote) location, Google will then send a text message security code via the users' cell phone. Once the code is received, it is input into the computer in addition to a password, thus enabling two-factor authentication.

The idea is that even if a third-party gets hold of your password (through Spyware, or hacking, for example), they'll still need physical access to either your computer or your phone to get into your account, or the login simply won't work.

There are limitations to such a system, however. One is having to wait for a text message for each and every login; the wait time can be irritating, and therefore puts users off from using the system.

SlickLogin Speeds up Authentication

Google thinks the SlickLogin system could be a way round that, as it works almost instantly. (Source:

To use the system, the user must have a smartphone with a special application and register the account. When the user tries to login from an unfamiliar location, the system requests the user hold the smart phone next to the computer's speakers.

The computer will then emit a unique tone that changes with every login attempt. The phone will input the tone, convert it into a digital code, and send a message back to SlickLogin to confirm reception, thus permitting login.

The tone only works one time and only with a specific phone and account. If the security sound is captured by a third-party, it is rendered useless.

SlickLogin: Caveats

There are caveats in using such a system. One is that it can only work with smartphones that have a microphone.

Secondly, it also only works if the speakers on the computer are switched on, something that might not be applicable (if for example, a user is in an Internet cafe and the PC does not have speakers).

Rate this article: 
Average: 4 (3 votes)


jsteedley's picture

Hello, all.
Is it just me?
I thought this would be about a program to secure my cell phone, using sound.
Seems like a good idea, since a cell phone needs good security, already has a microphone, AND a microprocessor & RAM. What would would it take to get voice recognition on a cell/smart phone, anyway?
I think I smell a GREAT app!
Have a GREAT day, Neighbors!