Sound Ideas: Google Advancing Security Measures with SlickLogin Purchase
Strong user verification has become a linchpin of internet operations in recent years, and for very important reasons. With more and more information—professional and personal—stored in the cloud alongside countless digital libraries containing games, books, albums and software, and online banking in the ascendancy, the risk of theft or other relevant kinds of fraud has skyrocketed. Enter SlickLogin, an Israeli company with a system of confirming identity through the delivery of unique audio signals. With Google gobbling it up, it won’t be too long before we see—or hear—some new things from our Google products. Give me your attention, tune your ears to Exposition FM, and I’ll tell you more below.
Expiration and Annoyance
Anyone who’s used Steam on multiple machines—or installed the Android app to chat to their friends while away from their computer—will know its secondary layer of authentication. If the device making the connection attempt hasn’t been used for Steam before, the user is required to confirm that the attempt is legitimate by submitting a code sent to their Steam email address alongside the correct account details. For someone who only uses Steam on their laptop or desktop and rarely removes anything, it barely even qualifies as an inconvenience.
I, however, change the ROM on my phone on a regular basis, often requiring the reinstallation of apps, and—even more awkwardly—use third-party sites to access and manage items in my Steam inventory. If I’ve cleaned my browser history since I last used a site, or maybe even just restarted my computer, I get the whole process again. New email, new code, new confirmation. It somehow manages to be more annoying on my phone despite being necessary less often, as the CAPTCHA recognition only works properly about a third of the time, meaning I end up spending ten minutes or so each time having the email sent to me again and again because it keeps timing out.
Call and Response
With SlickLogin, verification is as simple as building the software into the security platform and having a compatible app on your smartphone. When you try to log in, the device will emit a short burst of ultrasonic sound, an audible key generated specifically for the session and coded to your handset. You only need to put your phone close enough to the speaker (or headphone earpiece, presumably, since there’s no reason why that couldn’t work) to pick up the key; once the app has detected it, it can confirm success over the internet. It’s not dissimilar in principle from the NFC technology already present in various phones and tablets, but it doesn’t need any lofty wireless protocol standards. As long as there’s a data connection present and a functioning microphone, you are adequately prepared to rock and/or roll.
The real stumbling block, of course, is making it a standard, which is where Google comes in. It shouldn’t be particularly difficult to bake it into future iterations of Android—making it a seamless part of an Android device’s core functionality—though given that some of the appeal of this system stems from its suitability for all kinds of different systems, there would also have to be a new app made available in the Play Store. However they approached it, the connection with the user’s Google account should make everything function pretty smoothly, although it might then invite more advanced security for the phone itself to compensate for the additional danger inherent to making it such a critical part of the process.
The Google Machine
We’ve reached the point where we seemingly can’t make it through a week without Google buying a fresh start-up to add to its collection, and I really hope every acquisition eventually proves to have been building to something. It doesn’t have to be one ultimate project—like a giant mecha-style GoogleBot—but it would be a shame if ideas went to waste because the Mountain View boffins found that they had bitten off more than they could chew. It would be nice for something to come of the SlickLogin deal in the near future, anyway, since as far as I can tell it’s pretty much good to go as soon as Google is ready to implement it.
Anyway, that’s all for now. I’ll talk to you next time, by which point Google will hopefully have purchased me, potentially making me the heir to their massive fortune. You’ll know it’s me because I’ll make a series of high-pitched clicking noises. And because of my name, I guess. I also have a secret handshake, but the world isn’t ready for that.