Google’s new web logins save us remembering passwords

152685de-9752-11e3-a78b-dbb649a790d6_323631v1--646x363

Slick Login

http://www.afr.com/f/free/technology/digitallife/google_new_web_logins_save_us_remembering_Ge3MrJySxfS8rMcYC5juAL

One day soon(ish), if Google has its way, you’ll log into web sites by holding your phone up to you computer and have them whisper sweet nothings into each others ears.

No more user names or passwords to remember. Just your phone.

Google has just acquired SlickLogin, an Israeli startup that has been working on technology that would use a smartphone as a security token at online banks, or any other web sites that want decent internet security.

A lot of banks already use mobile phones as the second factor in two-factor authentication, as you would know. Once you login, the banks will SMS you a code if you want to proceed with a novel transaction, and you have to type the code into the web site to prove you are in possession of the phone linked to the account.

But the SlickLogin technology is quite different. It’s not for authorising a transaction, but for logging into the site in the first place. (Though one imagines it could also work for authorising transactions, too.)

SlickLogin has never released this technology, but apparently it works something like this:

When you go to log into a web site, the site will play barely audible, high-frequency sound through your PC’s speakers. Your phone, held up to the PC, hears the sound, decodes it, and encodes its own response sound, which it plays back to the website through the PC’s microphone.

It’s your basic challenge-response security arrangement, proving to the website that you are in possession of a phone linked to an account. The website would then log you into that account, without you ever entering in a user name or a password.

One imagines that the SlickLogin app on the phone would itself be locked with a password, and you would have remember that one password, making it a little like LastPass and other password managers that let you store multiple, impossible-to-remember passwords in a single vault, all secured by the one password.

The advantage of the SlickLogin system over LastPass etc, one imagines, is that you would get two-factor authentication every time you visit a secure site: you would need to be possession of the phone itself, and you would need the password to unlock the app on the phone.

———–

“you’ll log into web sites by holding your phone up to you computer”

so if you stole someones phone and got the initial password..mmm..

oh its israeli software..any backdoors?

401

About these ads

~ by seeker401 on February 19, 2014.

3 Responses to “Google’s new web logins save us remembering passwords”

  1. Reblogged this on U.S. Constitutional Free Press.

  2. http://news.softpedia.com/news/Google-s-QR-Code-Login-Experiment-Has-Been-Shut-Down-246945.shtml I think this might have been the first iteration with SlickLogIn the “something better”
    http://www.nextgov.com/nextgov-sponsored/2014/02/kiss-passwords-goodbye-single-sign-future-within-reach/78284/?oref=ng-HPriver This is even worse

    • “Passwords, the go-to for identity management since the dawn of the Internet, don’t prove your identity. They prove that somebody (you…or someone posing as you) knows the password, but passwords alone just don’t cut it anymore. As concern about data breaches in government organizations grows, secure identity management is more important than ever.

      Several government efforts aimed at piloting or improving identity management are underway. GAO and USPS recently teamed to create the Federal Cloud Credential Exchange Program (FCCX), a way of using FICAM authorization standards to allow public access to online services at multiple agencies without the need for multiple passwords. Programs like FCCX drive toward the creation of what NIST’s National Strategy for Trusted Identities in Cyberspace (NSTIC) calls the “Identity Ecosystem”— an online environment where users can securely validate their identities across multiple websites using a single secure login.”

      looks like a clusterfuck in the making!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
Follow

Get every new post delivered to your Inbox.

Join 957 other followers

%d bloggers like this: