Why did Google acquire sound login startup SlickLogin? Because security needs to be simple

Security breaches are on the rise, and we humans still have trouble creating and remembering secure passwords, so it’s clear we need another solution for our ongoing security.
SlickLogin, a startup that uses sound to authenticate website logins, is one such solution. And, not surprisingly, Google confirmed yesterday that it has acquired the startup, FreeMindTrickz reports.
SlickLogin’s technology produces a nearly silent sound when you visit a website, which is then picked up by a mobile app, verified, and sent back to the company to confirm your identity. It’s a much simpler version of standard two-step authentication methods, which typically involve a code being sent to your phone or other device when you try to access a website.
Since it relies on multiple devices and uses randomly generated codes, not a password that can be forgotten or stolen, two-step authentication is vastly safer than mere password logins. The problem? It’s significantly slower than just logging into a website with your password. SlickLogin’s technology could quash that delay — and even better, it could be simpler than typing in a password for many users.
Announcing the acquisition on its website, SlickLogin described Google as “a company that shares our core beliefs that logging in should be easy instead of frustrating, and authentication should be effective without getting in the way.” The company also pointed out that Google was the first company to offer two-step verification to a vast majority of users.
Expect to see an increased focus on simplified security over the next few years. Apple’s TouchID fingerprint sensor on the iPhone 5S, for example, makes it easier to unlock your iPhone securely, compared to just swiping it. When security becomes more convenient, consumers won’t think twice about adopting it.
 <('') Like Us...

Read More

Kickstarter gets hacked, tells users to change passwords

Summary: Kickstarter was hacked earlier this week, the crowdfunding site informed users on Saturday. While the company says the hackers didn’t gain access to credit card numbers and only two users were affected, it advised all users to change their passwords.

Kickstarter was hacked Wednesday night and the crowdfunding site advised users to change their passwords late Saturday afternoon.
The hack appeared limited to just two users’ accounts, Kickstarter said. While the company says that “No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts,” the hackers did gain access to other types of information — including “usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords.”
In a blog post, Kickstarter CEO Yancey Strickler offered a Q&A:

“How were passwords encrypted?
Older passwords were uniquely salted and digested with SHA-1 multiple times. More recent passwords are hashed with bcrypt.
Does Kickstarter store credit card data?
Kickstarter does not store full credit card numbers. For pledges to projects outside of the US, we store the last four digits and expiration dates for credit cards. None of this data was in any way accessed.
If Kickstarter was notified Wednesday night, why were people notified on Saturday?
We immediately closed the breach and notified everyone as soon we had thoroughly investigated the situation.
Will Kickstarter work with the two people whose accounts were compromised?
Yes. We have reached out to them and have secured their accounts.
I use Facebook to log in to Kickstarter. Is my login compromised?
No. As a precaution we reset all Facebook login credentials. Facebook users can simply reconnect when they come to Kickstarter.”

Kickstarter said it’s improved its security measures and will continue to do so in coming weeks.

Read More