We were very pleased to see that Google is expanding its search for better authentication techniques than passwords beyond OATH after the acquisition of SlickLogin.
SlickLogin focuses on an important piece of the authentication puzzle: ease and simplicity for the user. The idea of just placing your phone near your laptop to log in sounds cool and simple, and as it is based on sound waves it doesn't need specialised hardware such as Bluetooth or RFID, which is not typical for these kinds of system.
There are other products on the market that make use of simple ways to connect the PC and phone for authentication, for example a QR code via the camera.
As such, this is not a new scenario, just a new communications medium. However, the day-to-day practicalities are yet to be understood. For example, what if my PC is set to use my Bluetooth headphones for audio instead of my speakers?
As the app needs to 'listen' for sound, it either needs to be running all the time - which would use up battery power - or you would have to start it up when you want to use it, which makes it no different from other smartphone app-based systems.
Additionally, it requires data connectivity to verify the login. As such, it could be argued that a totally out-of-band data-driven app that uses a toast pop-up with an 'OK' button would be easier and more secure, or at least more reliable and consistent.
Back to the password problem. SlickLogin claims it can augment or replace a password. If you are just adding a token to a password then, from a security point of view, it is no more secure than OATH, since every time you log in with a password or PIN you give away your secret.
If you used SlickLogin to replace a password completely, you would need only to put your phone near your PC to log in, which would seem slick and simple indeed, but it is still only one-factor authentication.
Worse still, if somebody left their phone on their desk to pop out for a coffee, that's a very easy hack.
While this acquisition has indeed made headlines and reminds us that we need to move beyond passwords, we will wait and see what realistic scenarios in which Google can make the technology work securely.
Steven Hope is chief executive of Winfrasoft
Vendor expects increased focus on artificial intelligence to reap $3.5bn in revenue this year
CRN sister publication CPI casts its eye over the most head-scratching vendor M&A activity this year
Vendor claims cloud business is growing
Tom Corrigan opens up about battling the political and economic events affecting the email security vendor's UK growth
Symantec's enterprise division was bought by Broadcom last month
MD of 89th-ranked Top VAR reflects on its ‘challenging and expensive’ digital transformation
Capita Consulting aims to have 450 consultants by end of 2020
Simon Harbridge reveals details of the new structure as well as why he expects its recycling business to grow significantly in the next few years
80th-ranked Top VARs’ MD on how it has coped with slowdown in its core schools market