The future of authentication

April 2014 Access Control & Identity Management

We are very pleased to see that Google is expanding its search for better authentication techniques to passwords beyond OATH with the acquisition of SlickLogin announced recently. (SlickLogin uses sound waves as a security layer for two-factor authentication.)

SlickLogin focuses on a very important piece of the authentication puzzle – ease and simplicity for the user. The idea of just placing your phone near your laptop to logon sounds cool and simple. As it is based on sound waves it doesn’t need specialised hardware such as Bluetooth or RFID which are typical for these kinds of system.

There are other solutions on the market which also make use of simple ways to connect the PC and phone for authentication for example a QR code via the camera; as such this is not a new scenario, just a new medium to communicate over. The day-to-day practicalities are yet to be seen though, e.g., what if my PC is set to use my Bluetooth headphones for sound instead of my speakers?

As the app needs to listen for sound, it either needs to be running all the time which would use up battery power, or you would have to start it up when you want to use it which is no different from other smartphone app-based systems. In addition it requires data connectivity to verify the login – as such it could be argued that a totally out of band data driven app which uses a toast popup with an OK button would be easier and more secure, or at least more reliable and consistent.

However, back to the password problem. SlickLogin claims it can augment or replace a password. If you are just adding a token to a password then, from a security point of view, it is no more secure than OATH, since every time you logon with a password or PIN you give away your secret. If you used SlickLogin to replace a password completely you would only need to put your phone near your PC to logon, which would seem very slick and simple indeed, but that is only one-factor authentication. Worse still, if somebody left their phone on their desk to pop out for a coffee. That’s a very easy hack.

While this acquisition has indeed made headlines and reminds us that we need to move beyond passwords, we will wait and see what realistic scenarios Google can make the technology work in securely.”

Steven Hope will be talking in more depth about the need to reinvent authentication at Infosec Europe in April: http://www.infosec.co.uk/en/Sessions/4669/Why-we-need-to-put-secrecy-back-into-security-The-reinvention-of-Authentication





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

A platform for access and identity at Securex 2025
Securex South Africa Access Control & Identity Management Facilities & Building Management
South African companies involved in supplying access control technology, security services, and data management are well-positioned to tap into the expanding access control market at Securex 2025.

Read more...
Background checks: risk levels and compliance
iFacts Access Control & Identity Management Security Services & Risk Management
Conducting background checks is a vital step in the hiring process for employers or when engaging service providers; however, it is crucial to understand the legal framework and regulations governing these checks.

Read more...
Insurance provider uses Net2 For access management
Paxton Access Control & Identity Management Integrated Solutions Healthcare (Industry)
BestMed selected Paxton Net2 for its access control requirements because of its simplicity of installation and ease of navigation for end users, as well as the 5-year warranty.

Read more...
Identity is a cyber issue
Access Control & Identity Management Information Security
Identity and access management telemetry has emerged as the most common source of early threat detection, responsible for seven of the top 10 indicators of compromise leading to security investigations.

Read more...
Embracing contactless access solutions
HID Global Access Control & Identity Management
There has long been a discussion of the perils and virtues of authentication factors. Is it more secure to use something we have (a key card), something we know (a password), or something we are (biometrics)?

Read more...
Smart access for a safer community
neaMetrics Suprema Access Control & Identity Management Residential Estate (Industry) Products & Solutions Commercial (Industry)
Suprema has released its BioEntry W3 facial authentication access control device with multiple authentication options, including RFID cards as well as mobile credentials, designed for durability and resilience.

Read more...
The power of knowing your client
Ideco Biometrics Access Control & Identity Management Integrated Solutions
One of the most effective ways to combat the threat of fraud, identity theft, and financial crime threats is through a robust Know Your Client (KYC) process, which safeguards both businesses and clients.

Read more...
Smarter ways to secure your space
Elvey Security Technologies Access Control & Identity Management Products & Solutions
Ensuring the safety of people and assets has become more crucial than ever, and access control systems provide essential tools to regulate and monitor who can enter specific areas or access sensitive resources.

Read more...
Facial recognition in national security
Access Control & Identity Management Government and Parastatal (Industry)
As global security challenges evolve, facial recognition technology provides a vital edge by turning our unique identities into powerful assets for national defence and changing a sea of anonymity into a line of defence.

Read more...
Federated identity orchestration
Technews Publishing SMART Security Solutions Editor's Choice Access Control & Identity Management Security Services & Risk Management AI & Data Analytics
Understanding exactly who resides at the end of a digital device is key, and simple identity number verification by the Department of Home Affairs is no longer a viable solution on its own.

Read more...