Discussion in 'Article Discussion' started by Gareth Halfacree, 17 Feb 2014.
Audio-based security heading to Android.
Maybe I'm misunderstanding this, but am I right in thinking that this system doesn't actually prove that you're you, only that you're using your tablet/laptop or using an authorised tablet/laptop?
Technically, a password doesn't prove that you're you either. The system works by ensuring that anyone logging in to your account holds your phone. Given that you'd notice that your phone was missing if someone stole it, and anyone attempting to crack your account over t'net doesn't have your phone, it's pretty secure. Lock the app on the phone with a master password - something only you know, and a person stealing your phone doesn't know - et voila: you have two-factor authentication (something you know, and something you have.)
Google already has an application, Google Authenticator, which installs on your smartphone and acts as the 'something you have' portion of two-factor authentication - but it requires you to type in a six-digit number displayed on-screen within a short time period to work. Using SlickLogin, the difficulty in getting technophobic family members to use such a system goes away: there's no more "load the app, look at the numbers, QUICKLY TYPE THEM I... oh, you were too slow, OK, look at the new numbers, TYPE... no, number lock wasn't on, that's OK, look at the new number... no, you've loaded Facebook now, press the Home button and re-launch Authenticator... no, that's Angry Birds, press the Home Button again..." - just "press the SlickLogin (sorry, Google SlickLogin) button and hold the phone near your laptop/desktop/tablet."
This sounds a little like that malware that used sound to repair it's self.
What happened with that, was it found to be a hoax ? or was the guy actually losing his marbles ?
That's the bit I missed. I was thinking the sound played out of a PC/tablet's speakers and was picked up by the same device. Having it played by one device and picked up by another makes much, much more sense!
So, it's more like an RSA key fob without the fiddly stuff of typing in the number because it's all automatic. In a sense, you still have the equivalent of the fob, it just does the awkward bit of typing for you.
Suddenly it all makes sense
Presactly. It's a neat idea, although one I fear may end up limited to Google's own services. Which'd be a shame.
Separate names with a comma.