Google bought a tiny Israeli startup today called SlickLogin.
The three-person, two-month-old company has an interesting technology that replaces passwords. The terms were not disclosed.
The acquisition is a tiny victory for people who believe in sound as a viable medium of digital communication.
Here’s how SlickLogin works. You visit a site that supports SlickLogin. Instead of entering a name or password, you simply hold your smartphone close to the laptop or computer you’re using, and entry is granted.
What’s really happening is that the web site is playing a sound, which is encrypted data encoded into ultra-sonic (higher than human hearing) sound. Your phone hears it, and sends the data back to the SlickLogin servers. That’s the authentication.
The code is temporary, and used only for the one login. So if somebody else copies it, they won’t be able to do anything with it in the future.
SlickLogin also uses location as part of the authentication. It uses WiFi, Bluetooth, NFC, QR codes and GPS to prevent hackers on the other side of the world from logging in as you.
SlickLogin’s use of sound reminds me a little of a company called Chirp. Chirp is a company that uses sound for essentially conjuring up any online resource. Their Android and iOS app is focused on sharing pictures.
Chirp “feels” like a picture is transmitted by sound. In fact, the sound from one app is heard by the same app installed on someone else’s phone, telling the app to go get a specific URL — a picture posted in the cloud. You can also send notes and links.
It’s used for all kinds of unexpected uses. For example, Canadian radio station CBC Kitchener-Waterloo was able to successfully transmit bitcoin over radio waves.used Chirp to send $40 worth of Bitcoin to a listener over the radio.
The difference between SlickLogin and Chirp is primarily that SlickLogin is all about authenticating one user, whereas Chirp is about sharing stuff, often broadly with many people.
What they have in common is the simplicity and universality of sound.
Sound enables minimum use of the Internet. Of course, in both the cases of SlickLogin and Chirp, the Internet is being used. But it’s not a hijacked Internet connection. The app is directing the user to a specific URL controlled by the company.
Sound is also a medium understood and controllable by users. If users don’t want their SlickLogin authentication to happen, they need only mute their speakers. In fact, the normal use of SlickLogin requires users to remember nothing, except for the need to load the phone app and hold the phone next to their computer.
If Chirp users don’t want people on the other side of the room to get the picture they’re sending to a friend at the same table, they can turn the sound way down.
I agree with the entrepreneurs who created SlickLogin and Chirp — sound is an underrated communications medium with real benefits.
I hope Google doesn’t treat the SlickLogin acquisition as nothing more than an acquihire — a way to hire some brilliant engineers. Instead, they should build sound-based password replacement into everything they do as an option.
This is especially the case given the coming wave of fingerprint authentication in Android phones. Imagine how cool it could be for you to authenticate your phone with fingerprint ID, then authenticate everything from web log-ins to purchases using ultrasonic sound.
SlickLogin really should just be built into Android. And you know what? Chirp should, too.
