Google has bought a company that specializes in using sound as a security authentication method. It could make two-step verification a quicker process.
Israel-based SlickLogin uses a signal of soundwaves created uniquely for each individual verification. The sound is too quiet for the human ear to own and the user needs to place a smartphone right next to the speakers on their computer. An app on the phone “hears” the sound and passes the details back to the server to confirm reception.
The process proves that the user not only knows the log-in details for the account, but has access to a specific physical device, namely the phone. You have to set-up your phone in advance to tie it to your log-in details, so you shouldn’t have to worry about somebody with a high-powered microphone intercepting the audio signal or some other outlandish trick.
While Google hasn’t commented on the reasons for the purchase, the SlickLogin system is said to work much more quickly than most other two-step verification systems which involve waiting for a text message on your phone, something that’s always subject to delay if networks are congested.
There are a couple of practical limitations. At the moment, the phone must have a data connection to be able to complete the verification, though SlickLogin is working on a way round that. And the system only works with computers that have speakers available and switched on. That could rule out some situations such as cybercafes, which also happen to be among the most likely places where sites like Google will run two-step verification on your account.