Google has acquired cybersecurity startup SlickLogin for several million dollars, reports Yaniv Feldman for GeekTime. The exact amount hasn’t been disclosed, but the deal is being seen as hire more than an acquisition since the price is relatively low and the firm consists of just the three founding members, though the company’s patents could also hold value in the future if the core idea takes off.
“SlickLogin team is joining Google, a company that shares our core beliefs that logging in should be easy instead of frustrating, and authentication should be effective without getting in the way,” the company announced on its website.
SlickLogin uses smartphones for two-step verification
Created by Or Zelig, Eran Galili, and Ori Kabeli, all former members of the Israeli Defense Force cybersecurity unit, SlickLogin uses high frequency sounds from a user’s smartphone for two step verification.
Google already offers two step verification free for all users, but it’s not widely used because the process is somewhat unwieldy. When you login to your account, Google sends a text message with a one-time pin that has to be entered before you get access. With SlickLogin, instead of receiving a text message and relaying that information to the computer your smartphone emits a coded sound that the computer records and verifies. For the person signing in, as long as their smartphone is nearby the second step of the verification process is meant to be invisible.
Moving beyond weak passwords
Two-step verification is particularly important for regulated industries and other security-conscious sectors because people often choose weak passwords (common tricks like swapping a 1 for an L don’t really help), reuse passwords in multiple places, and don’t change them often enough. For a large company, there’s almost no chance that everyone is following the security policies. And even for someone who actually uses random strings of letters and numbers, if the password is compromised (eg an unscrupulous colleague peeks over your shoulder) having a second step for verification makes it significantly more difficult to break into someone’s account.
Since SlickLogin’s approach doesn’t require any extra effort from the user, and it doesn’t require any special equipment, it is has a good chance of pushing two-step verification into mainstream use.