I was reading about Google's acquisition of two-factor authentication vendor SlickLogin. Some speculate it could accelerate the rollout and adoption of 2FA using proximity verification. How does this form of 2FA work, and what do you see as the most likely usage scenarios in an enterprise context?
A website utilizing the SlickLogin authentication mechanism generates an ultrasonic frequency sound, which is then played by the user's computer and picked up by an app on a mobile device. This sound is then played back to confirm identity. It is inaudible to the human ear, with a unique key encrypted for each session, and is device-specific, making man-on-the-side or eavesdropping for replay attacks more difficult. The patent-pending technology can also utilize Wi-Fi, Near Field Communication or GPS for proximity verification, with an offline version in the works.
Google acquired SlickLogin five months after it launched at TechCrunch Disrupt. It gave a snazzy demo, which was light on the product's technical innards but intriguing to those looking for secure alternatives to passwords and physical tokens. There was a limited beta, but nothing further about the technology has been announced since the sale.
With Google's array of products heavily dependent on authentication, and with email accounts reportedly numbering over 400 million, there is significant interest in providing secure identity management. Google is a FIDO Alliance member and the SlickLogin product could integrate well with its existing 2FA product, Google Authenticator. SlickLogin's secret sauce could push Google ahead of industry stalwarts such as EMC Corp.'s RSA division and Symantec Corp. by offering an authentication app that's FIDO-compliant and supported by high-profile e-commerce or banking sites, in addition to its own business productivity suite of applications. With the addition of an offline option, Google could gain a foothold in a crowded identity management arena. Offering this simple tool to ease the pain of password management for enterprises also offers easy integration into an intranet Web user interface, as well as other applications, such as VPN.
What's your question?
Got a question about identity and access management technology and strategy in your organization? Submit your question via email today and our experts will answer it for you! (All questions are anonymous.)
Related Q&A from Michele Chubirka, Enterprise IAM
How Aorato's Directory Services Application Firewall protects Active Directory, and why it's useful for enterprises.continue reading
The definition of identity governance has evolved to include a tool that could prove challenging for enterprises to implement.continue reading
After a failed SSO implementation, is there any benefit to an enterprise trying again? Expert Michele Chubirka discusses.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.