Voice based authentication
Or "how to make it impossible to log in while having a cold"
Google has bought five-month-old security startup SlickLogin, which specialises in sound-based authentication technology. Financial terms of the deal were kept secret. The Israel-based company, which was founded by three ex-Israeli-military security bods in 2013, announced that it had been scooped up by Google in a statement …
Or "how to make it impossible to log in while having a cold"
Not voice. SOUND. Your PC and mobile are supposed to chirp to each other in ultra-bat frequencies and it has nothing to do with your voice - but it's nigh impossible to get any details on how exactly that is supposed to work, and who get authenticated to who and by what exactly. I for one am not crazy about being logged into places by my phone being in the same place as my PC....
The problem is, I don't tend to have my 27" AiO with me, when I'm out with the dog for a walk...
May i suggest that you take your ignorant views somewhere else?
How exactly did you post the comment? Did you use a wax tablet and a stick?
No? I didn't think so... in that case you most likely used a mobile / some form of computer or a tablet. In which case nearly every item on that list has crucial technology designed / developed / manufactured in Israel.
So if i may make a further suggestion. Go back to the Stone Age and throw away all of your tech... I mean you don't want to fund a 'terrorist state' do you?
> Effectively more funding for a terrorist state. Sad really.
You misread the article. The Americans are the ones buying, not selling.
"May i suggest that you take your ignorant views somewhere else?"
May I suggest that you educate yourself to the reality if you think such views are ignorant. In fact they are informed. I can only assume you must be relying on watching Faux News if you can possibly draw any other conclusion about a country that repeatedly deliberately shoots children and shells families on the beach, just as a couple of examples amongst hundreds....
"In which case nearly every item on that list has crucial technology designed / developed / manufactured in Israel."
Mostly by outposts of US multinationals - and that could easily have been done somewhere else.
"I mean you don't want to fund a 'terrorist state' do you?"
Nope - hence why I why I would prefer to buy non Israeli where there is a choice.
You think your views are informed? This from someone who uses terms such as 'Faux News'? I guess you are also the same kind of person who uses terms such as 'crApple' and Micros$t (or variations of).. Please provide irrefutable evidence of Israel being a 'terrorist state'
And so what if they were off shoots of US multinationals and could have been done elsewhere - the fact is that they weren't so your argument is moot. Again I ask what did you use to write your post? Have you used / bought anything made by Intel, Microsoft, Apple or Cisco? Any may i ask what TV package you have (I mean you seem to be very well 'informed'
"You think your views are informed? "
Clearly more than you.
"This from someone who uses terms such as 'Faux News'?"
If you think that is uninformed then QED.
"Please provide irrefutable evidence of Israel being a 'terrorist state'"
It was declared as such in at least 2 Amnesty International annual reports for a start. Here are just a few practical examples from hundreds of similar events:
Oh you poor deluded soul...
Still not answering my questions and quoting some instances from the left wing press without looking at the entire situation. So going on your definition then clearly the US is a terrorist state having killed innocent children in Afghanistan. ..maybe the Chinese are as well and to carry on the example then also the UK.
The difference between those examples and Israel? The US, China and the UK are not under constant terrorist and rocket attack. I suggest you crawl back under your blanket of delusion ...
And while you are there please attempt to answer the questions regarding your tech toys..or maybe you have just realised that actually you are buying Israel goods...
@Anonymous Coward (the one linking to the Guardian)
Stop trolling.... you need to get out more
"quoting some instances from the left wing press without looking at the entire situation"
I can only assume you are not British, but the Guardian is a widely respected newspaper with journalistic integrity considered by most in a similar light to say the BBC. There are numerous other sources for these events.
I am well aware of the entire situation - did you perhaps mean back to when the Ancient Egyptians are recorded first mentioning Palestine - before the original state of Israel even existed? - or more recently when the Zionists broke the terms of the Balfour Declaration / Mandate for Palestine and took over towns allocated to the Arabs by military force, starting off the whole mess the region is in now?
"So going on your definition then clearly the US is a terrorist state having killed innocent children in Afghanistan."
Nope - accidental - or even careless doesnt count. A terrorist state is one which deliberately uses violence and fear of violence to control population. Israel has on numberous occassions deliberately targeted children and other civilians - there is overwhelming and long term evidence from numerous sources for this.
"The US, China and the UK are not under constant terrorist and rocket attack."
Rolling out the usual genocidal sop that this makes it OK for Israel to deliberately kill and collectively punish people not responsible for those attacks then....
"please attempt to answer the questions regarding your tech toys"
I already did. See above.
Nothing more needs to be said by me - the links speak for themselves.
shouldn't that read: The tech is said to
simplify be "overly complicated and annoying"
Given that it requires a PC with speakers and the sound enabled (surely the very first thing users in offices do is rip out the speakers and/or disable all sounds). Plus a smartphone with it's microphone available to hear this (and presumably everything else that is within hearing distance - a built in bug? how marvelous) and without the sound being muffled by, say, a trouser/jacket pocket or handbag and the environment being sufficiently noise-free.
I would expect that this technology is neither disability-friendly, universally applicable nor 100% reliable. So all systems where is is used will have to have passwords as a fallback (sorreeeee, I can't log in until my phone has recharged ... ooops, I can't use this app as I'm on the phone, whoops: I appear to have left my phone at home/in the car/on the bus). Added to which is the faff of having to dig out your phone every time you want to log in. So it will hardly ever be a person's first choice of authentication and will therefore very quickly be sidelined and then ignored.
Hopefully Google bought the company as a public service and will now bury it to reduce the number of annoyances foisted on us in the name of technology.
Voice based features being sidelined? As the saying goes, if the service is free, you are the product..err.. BETA testers.
So, after annoying us for billions of man days, one day they will come up with the polished one (if we remain in control).
Aside from bug number 1 pointed out by Pete2 above ... what about bug number 2.
Feedback loops .... you know ... that screeching sound you get when speakers are placed too close to microphones.
There's no feedback as the phone won't be making a noise, it just listens and sends some verification back to the site over the net (probably?).
"Google was the first company to offer 2-step verification to everyone, for free"
Who beat them to it?
The first free 2-factor I remember noticing was WoW/battlenet's phone app. That was in 2008, I think google started in 2011.
Barclays Bank did something for free?
Surely someone would have been sacked for that.
The register should really have linked to video Engadget posted to explain to commenters how this works: http://www.engadget.com/2014/02/16/google-acquires-slicklogin-sound-passwords/
Now - as a 2Factor method - I think this is pretty exciting, note for those wondering about eavesdropping - apparently the phone has to be VERY close to the computer in order for this to work, and the system generates a ONE TIME key for each session - so someone recording the ultrasonic chirping and playing it back would get no-where because the authentication session will have already expired.
My issues are: 1) They are talking about (and do demo in the linked Engadget article) replacing not just the 2Factor stage but the entire login process with this technology, meaning if your phone is lost / stolen - potentially whoever has it can login as you. and 2) The phone appears to be listening constantly as they claim it works without launching anything or even unlocking the phone.
If it is used JUST to replace Stage 2 and I have to open an app on my phone first, I'd be much happier.
...I would bet that when you get to the PC login screen it sends an SMS/IM to your registered phone, which picks this up and switches on your microphone - it's not going to be constantly listening.
Furthermore, it would make sense to also have a configuration option whereby you could also require your phone to be unlocked before the app activates.
Except that it requires your computer to (a) have speakers and (b) have them turned on. Can't watch the video, so I can't tell if the app is then authenticating over the 'net or responding with a sound; hopefully the former or you'd need a microphone on the computer.
It's an interesting tech, but I don't see how it's better (meaning more secure rather than cooler) than using a QR Code and holding the phone up to the screen.
The general idea of using a phone as a token generator\verifier for two factor auth makes a degree of sense.
But it does sound a bit like a poor mans NFC, or if it works it could prove to be the smart alternative to NFC.(place your bet now) Now if someone started making keyboards with NFC receivers in them for phone bumping and card payments then maybe we would have a better soution. Especially if the banks could get their act together and effectively put two cards in one piece of plastic.
1) the traditional chip n pin for large payments
2) a 'sub card' that used the wireless chip up to a max of whatever the card owner set a limit to be.
One card to rule em'all ??
Airgapped devices communicating is an extension of this technology which government spies appear to be using already. Being an IsraelI startup by ex-military personnel, one has to wonder if logins is the only feature they have been working on.
I wouldn't read too much into the military bit. All Israelis have to do time in the defence force, so all software start-ups are run by ex-military. Well, unless they're kids.
Now everyone and his dog can know your login credentials.
Similar approaches using light rather than sound have been in use for a while. You get a token - a little device the size of a credit card but thicker. It has a fingerprint reader and a tiny display for a few characters. You start an application, bringing up a window on your screen. A part of the window flashes a bright light. The flashing is coded. You hold your token card close to the flashing region, and it generates a one-time password based on your biometrics (fingerprint) and the flashed code. The card shows you the password and you type it in. The password is matched on the server side - it also has your fingerprint and knows the code.
While it *is* a security device, there is another purpose. This is used in cases where you pay, say, a high monthly fee per seat for access to your "cloud" (for some definition of). Today, you no longer can tie the client to a particular HW or place. People upgrade, travel, work from home, coffee shops, airports, etc. So you've sold an expensive license to a customer. What prevents 2 or more customer's employees from sharing a login, even against the terms of the license? You can limit the number of concurrent sessions, but what if one user is in NY and another in Tokyo? They work different hours and won't interfere with each other. Thus, such a token is a revenue generator, probably more so than authenticator.
Of course a crafty commentard can find a way around such an obstacle with today's technology. Say, the NY employee does not log off, and the guy in Tokyo accesses his computer with one of the multitude of tools and has full control. That's full control of the NY computer though, not of a single application.
"... and they're working on some great ideas that will make the internet safer for everyone, while allowing them to further track, profile and spy on you."
So now if someone steals your phone they can use it to log in securely to your laptop?
> So now if someone steals your phone they can use it to log in securely to your laptop?
While the 2 factor stuff is useful I do have issues with giving companies my mobile phone details as well as everything else just to use their product. Noting that downloading an app effectively gives the app owner all your phone details.