

Show HN: Slick Login - Seamless Login which users will love it - techaddict009
http://www.slicklogin.com/

======
drewvolpe
There's no way I would trust a security product that uses an undisclosed
authentication method. It could be doing something that's easy to spoof.

Security is a hard problem and one that benefits from having a lot of people
try to tear it apart.

~~~
jaequery
this isn't some new security algorithm they invented. this is just two-factor
authentication done in a more seamless way.

~~~
jawr
but two-factor authentication doesn't explain how the actual authentication
happens... it's just that there is more than one method in place. being able
to peer review the security algorithm/how it's implemented is definitely
important.

------
drill_sarge
>Unique patent-pending technologies and a fortified protocol model enable
military-grade security.

what? don't.

~~~
Kiro
Instant boycott.

------
fein
> SlickLogin verifies that your smartphone is in proximity to your device
> using our proprietary technology, no further interaction required. You don't
> even need to unlock your phone - it's that easy.

That is horrifying.

------
jessaustin
This seems like a good idea, but I agree with other comments that undisclosed
"proprietary" methods ring some alarm bells. Perhaps they're really talking
about the web client <-> personal device connection they've developed, and
they're simply layering a standard protocol over the top of that. (If so, just
tell us! The secrecy doesn't actually improve your marketing.)

I'm curious as to what form that "local" connection would take. I don't think
it's a problem to require an installed app on the personal device, but what
are they doing on the web client? Does this require a browser extension to
broadcast to/receive from the personal device? Maybe even a driver of some
sort? That could make this less convenient than it seems. Sure you can always
use the browser on your phone, but then this becomes a lot of rigmarole that
reproduces the capabilities of client-side certificates. (Not saying THOSE are
easy to use, but that technology already exists.)

------
xerophtye
Umm... Doesn't this add an EXTRA step for login? Why do "users love it" then?

I assume the "seamless" part you mention here means that no extra window etc
etc... except that after i click login, it's now going to wait for me to pull
out my cellphone? What if it isn't around? What if i lose it or I am out of
battery?

I mean from a geek's point of view, sure it's pretty darn cool (ps: I am a
geek too!) But from a general user perspective, is it really that much more
useful?

~~~
Achshar
Its seamless for two factor authentication, not regular logins.

~~~
xerophtye
hmm... well compared to that, yeah. way better than the "wait, we'll message
you a code!" thing. good work!

------
Quai
"[...] using our proprietary technology [...]"

Ok. How do I get out of this site?

~~~
BerislavLopac
...without going anywhere near your garage? ;-)

------
omaranto
I have difficulty parsing the submission title. It should probably be either:

Seamless Login which users will love.

or:

Seamless Login: which users will love it?

~~~
erichurkman
The latter is a valid question. MailChimp had a post about a year ago [1]
where they found that social logins had some negative components.
Specifically, that they overall had a lower login rate than the standard
username/password. This isn't quite the same, but it IS extra effort for
legitimate users to log in.

Also, every new login method requires user training. What does the user
education process look like if you had to train and support them on (up to)
seven different authentication methods? If a user gets used to one of them
(say, proximity), how smoothly can you keep them educated that if they are in
the subway, GPS won't work, so they need to try /method X/, then /method Y/,
etc. That may be worth the effort to some services where security is
absolutely paramount; hopefully anyone using this service builds in some heavy
analytics to find out!

[1] [http://blog.mailchimp.com/social-login-buttons-arent-
worth-i...](http://blog.mailchimp.com/social-login-buttons-arent-worth-it/)

------
orclev
My initial thought is this is working via the microphone/speakers on the
computer and phone. My second thought is if you don't need to unlock the phone
and activate anything I bet this absolutely kills your battery life.

I'd bet the proprietary technology is that the phone constantly emits some
tone outside the normal range of human hearing (probably with some time
varying value encoded in the frequency of the tone) which the mic on the
computer listens for. Once the computer picks up the tone, it decodes the time
varying value from the tone and from there proceeds like any other TFA login
system.

There's also a question of what happens in a busy setting like say an office
environment when multiple people are using this system and say two people
attempt to login to a site secured with this at the same time.

~~~
lewispollard
Seems likely - the image at the top of the computer and phone has the words
'turn on your speakers' written on the screens.

~~~
jack-r-abbit
It would be totally awesome if it sounded like this:
[http://56k.weworkweplay.com/](http://56k.weworkweplay.com/) LOL

------
MichaelAza
I think this solves the problem with 2-factor authentication really well. I
use 2-factor auth on my Google and Dropbox accounts but it's really
frustrating that I have to use the second factor (my phone) and think about
another layer of authentication. This means that as long as the second factor
is nearby I can login, making it as secure as 2 factor auth but usable as
regular username and password authentication. Big kudos to the whole team.

------
gxespino
You guys are looking at this from a consumer stand point, which I don't think
the company is targeting.

The military uses two factor authentication (you need to insert your ID and
know your username/password) as well as some corporate consultants. This
bypasses the need to create coded ID cards and purchase card readers.

There is potential but still a few issues.

~~~
arthulia
I think people are looking at this from a security standpoint. If it can't be
audited by the public, (because it's "proprietary" and presumably closed
source) it can't be presumed safe.

------
thedufer
How does this work when I need to log in to a new computer and my phone has no
internet? As far as I can tell, that would render all of the given methods
useless. You're going to need more specifics if you want to convince people
that this is both secure and convenient - otherwise we're going to stick with
TOTP.

------
callahad
I would certainly love this more than typing OTP codes, but what's the
recovery method for when I lose my phone? How do you solve the chicken-and-egg
of getting users to install and configure the app in the first place?

Maybe this is meant for corporate intranets more than end-users?

------
Achshar
I personally think just QR codes are equally easy. Like random number from
server -> computer -> phone -> server which would be same as two factor
authentication but in opposite direction.

~~~
roryokane
No, that wouldn't work. The server wouldn't know if the random number they got
back really came from the correct phone or was spoofed. The only thing the
servwr can control is where it _sends_ the code to - so the best security is
sending it to a different device from the one the attacker might be using, the
computer.

~~~
Achshar
The server would know it came from the correct device because of the initial
setup of the key like in any two factor auth app.

------
alexvay
I am guessing they are using sound to communicate data between the device and
the computer and thus confirm proximity.

~~~
weavie
"Up to 7 different methods are used to verify the phone's proximity to the
computer. These include GPS, WiFi, Bluetooth, NFC, QR codes, and our unique
technology, based on audio signals."

------
yashg
Is it Security that People Love or something that "Security People" Love? A
comma somewhere would help.

~~~
xerophtye
hahah my point exactly

------
seferphier
very cool approach to solving an old problem.

The problem is that I can take my gf / friend's phone during dinner put it
next to my tablet and check their bank account. What are your thoughts on
that?

~~~
xerophtye
You also need the user id and password. The phone is just the second factor.
you need both factors to login

------
themrdarknezz
It can't be secured if it's from a company from the US.

------
yuliyp
How to steal an account: carry around a microphone?!

------
teh_klev
"graduates of the IDF's elite cyber security unit" \- hmm...no thanks.

------
jaequery
i wonder how this app tracks your phone's location.

~~~
lifeformed
Maybe inaudible high frequency signals from the speaker, received by a
microphone.

------
untilHellbanned
Landing page flaw: If it is going to replace my signup form, please tell me
what user credentials it will send to my app. Email? Phone#? What?

As many comment, this is a pretty vague proposal.

