Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

SlickLogin acquisition: A game changer for Google and 2FA industry?

Google's recent acquisition of two-factor authentication vendor StickLogin could push it ahead in the secure identity management industry.

I was reading about Google's acquisition of two-factor authentication vendor SlickLogin. Some speculate it could accelerate the rollout and adoption of 2FA using proximity verification. How does this form of 2FA work, and what do you see as the most likely usage scenarios in an enterprise context?

SlickLogin, snapped up by Google in February 2014, is the latest in a tsunami of 2FA products aimed at using existing mobile technology to help put passwords to bed.

A website utilizing the SlickLogin authentication mechanism generates an ultrasonic frequency sound, which is then played by the user's computer and picked up by an app on a mobile device. This sound is then played back to confirm identity. It is inaudible to the human ear, with a unique key encrypted for each session, and is device-specific, making man-on-the-side or eavesdropping for replay attacks more difficult. The patent-pending technology can also utilize Wi-Fi, Near Field Communication or GPS for proximity verification, with an offline version in the works.

Google acquired SlickLogin five months after it launched at TechCrunch Disrupt. It gave a snazzy demo, which was light on the product's technical innards but intriguing to those looking for secure alternatives to passwords and physical tokens. There was a limited beta, but nothing further about the technology has been announced since the sale.

With Google's array of products heavily dependent on authentication, and with email accounts reportedly numbering over 400 million, there is significant interest in providing secure identity management. Google is a FIDO Alliance member and the SlickLogin product could integrate well with its existing 2FA product, Google Authenticator. SlickLogin's secret sauce could push Google ahead of industry stalwarts such as EMC Corp.'s RSA division and Symantec Corp. by offering an authentication app that's FIDO-compliant and supported by high-profile e-commerce or banking sites, in addition to its own business productivity suite of applications. With the addition of an offline option, Google could gain a foothold in a crowded identity management arena. Offering this simple tool to ease the pain of password management for enterprises also offers easy integration into an intranet Web user interface, as well as other applications, such as VPN.

What's your question?
Got a question about identity and access management technology and strategy in your organization? Submit your question via email today and our experts will answer it for you! (All questions are anonymous.)

Dig Deeper on Two-factor and multifactor authentication strategies

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Physical tokens and phones are easily lost, stolen and abused. Then the password would be the last resort. It should be strongly emphasized that a truly reliable 2-factor solution requires the use of the most reliable password.