Should Your Voice Be Your Password?

In the era of services including banking services, access to online doctor appointments, and signing various contracts over the phone being digitalized, companies have to implement and leverage secure authentication methods. These methods enable businesses to identify and authenticate users and make sure that the claimed identity of the user is truthful.

The availability of biometric authentication methods frees the user from having to remember passwords to access different systems. The authentication process is based on the user's unique biometric characteristics that are securely stored by authorized systems, such as voice, fingerprint, iris, or facial.  

As opposed to the traditional use of authentication mechanisms based on a password assigned to a user, the use of biometric authentication methods has experienced significant growth in recent years. Rapid growth means money, and obviously money attracts fraudsters willing to earn millions by breaking or deceiving authentication systems.

It has been proven in recent years that even automatic voice recognition solutions can be vulnerable to malicious attacks by intruders who want to gain fraudulent access to internal systems.

Nevertheless, biometrics as an authentication method is still considered far safer than traditional methods like passwords. According to VISA, younger generations are fonder of using biometric authentication methods than more obsolete solutions like answering questions or sharing identification numbers.

How Is It Possible to Use a Voice as a Password?

Biometrics is an authentication method based on an individual's unique biological and behavioral characteristics, which are used to validate their identity and authenticate them. Thus, businesses can use iris recognition, fingerprints, writing patterns, and voice verification in various authentication processes.

Since these human characteristics are unique, i.e., not owned by other individuals, they are perceived as the most secure access and confirmation keys we can use today. They are much  more secure than four- or six-digit passwords that are commonly used to access, for example, bank accounts containing savings.

The biometric authentication mechanism is efficient, straightforward, and can be described in three basic steps:

• User enrollment. The first step is to register and associate an individual's data with their biometric password, which in this case is their voice.

• Storage. The audio, image, or writing enrollment is transformed into data, patterns, and codes and then stored in management software.
  It’s important to note that at this stage, a lot of information is stored and cross-referenced. This data is not restricted to recording only the tone of voice, but also the vocal range, rhythm, pitch, and many other traits.

• Confirmation. With the registered data, every access attempt will be validated by comparing the current information with previously stored data patterns.

The system that runs the processing requires a sensor to capture the biometric information, a place to store the data, and software to manage comparisons and validation before access through biometric authentication is granted.

Although complex, biometric authentication is already in widespread use. Most current smartphones use fingerprint and iris recognition to enable unlocking devices and confirming user actions. Such uses, however, can be only achieved with a user physically present at the place where confirmation takes place. Unlike a fingerprint, for example, a voiceprint can be used for remote authentication.

Voice is a unique personal characteristic that is different for each of us. Just by listening to a word said out loud, we can easily distinguish the voice of our relatives or friends. A voice bears both behavioral and physical characteristics, making it harder for cybercriminals to imitate one’s voice and impersonate them. Therefore, voice biometrics allows us to identify a person through their voice with a high level of accuracy and security. 

This opinion was shared by Alejandro Gomez Alanis, a researcher at the Department of Signal Theory, Telematics, and Communications at the University of Granada. The results of his research on voice as an authentication method were published in, e.g., the IEEE/ACM Transactions on Audio, Speech, and Language Processing journal.

Advantages of Using Voice as Your Password

Voice biometrics requires the user's unique voiceprint for authentication. This way, even if a hacker breaches the system, they can’t steal a voiceprint or impersonate its owner. Also, the system can detect cases when, for example, a recording is being used instead of an authentic voice.

Using voice as an authentication method minimizes the possibility of attacks. A PIN-based password is the weakest credential, as it is often shared and can be quickly compromised by an attacker. Also, most users set the same PIN to access multiple systems or applications. Voice biometrics, however, can’t be compromised in the same way as these traditional security methods. If an attacker attempts to use a recording, voice biometrics (especially passive voice biometrics) can distinguish between it and a live voice.

Why Is It Worth Using Voice Biometric Authentication?

• This method evaluates hundreds of unique characteristics in the user's voice when analyzing it and comparing it with a voiceprint. For example, the system evaluates the size and shape of the larynx, as well as speech rhythm and intonation to verify that the user is who they claim to be.
• Voiceprint is associated with a specific individual, unlike a password that can be easily used by an unauthorized person.
• It prevents fraud and reduces the risk of phishing. Unlike other traditional identification systems, voice biometrics is less susceptible to fraud threats and identity theft.
• It offers higher speed and accuracy in accessing devices or services. Biometric authentication methods can reduce authentication time thanks to a faster and simpler verification system on any device.
• It’s convenient, since authentication doesn’t require the user to remember anything.
• It’s accessible to everyone. As the definition of biometric characteristics indicates, biometric authentication methods are widely accessible. All individuals can use their voice and other bodily characteristics or identifiers to authenticate themselves. Because of that, biometric technology doesn’t exclude anyone.
• Anyone can use it, without the need for prior learning or the use of external devices, beyond the installation that the company itself must carry out.
• It enables seamless but secure time and attendance control. The traditional methods of access control are carried out with the use of passwords or personal cards. One of the disadvantages of this type of technology is its susceptibility to crime. A password or an access card can easily be shared or stolen.
• Passwords are not secure. A Verizon Data Breach Report proved that compromised or weak passwords cause 80% of data breaches.

Drawbacks of Voice Biometric Authentication

However, voice biometric authentication methods, as any other method, aren’t 100% secure. You should also consider the disadvantages and risks associated with this technology. Here’s a list of disadvantages of voice biometric authentication.

• Users’ voices can change over time or due to some health problems, so authentication systems may require new voice enrollments.
• Monitoring and data. Biometric devices, such as voice recognition systems, can affect users' privacy.
• False positives and inaccuracies. False rejections and false acceptances may occur when you use voice biometric authentication. These incidents may prevent users from accessing the system.
• Like every computer-based system, it is a technology that requires maintenance and generates costs that are necessary to keep servers running.

So, Can Hackers Steal Your Voice?

As mentioned above, as with any technology, no biometric system is impossible to hack. A situation that proves that happened just a few years ago with the launch of the new iPhone X. In November 2017, just a few days after it was released, news broke that a Vietnamese security company known as Bkav had fooled the iPhone X's facial recognition system using a 3D printed mask and $150 worth of materials. 

But what about voice biometrics - could a hacker steal our voice and gain access to our devices?

John Seymour, a Salesforce Senior Data Scientist, and Azeem Aqil, a Salesforce Software Engineer, ran some tests and tried to hack voice recognition systems. They succeeded, but as they admitted, it required an “awful lot of work, some of it quite specialized.”

According to Michal Hrabí, CEO of Phonexia, “Voice biometrics, especially its free speech authentication variant that does not require a person to say any given phrase, is extremely difficult to breach when compared to other biometric systems. The human voice contains hundreds of dynamic and static elements, making it highly unique to each person. Today’s cutting-edge deep neural network-based algorithms can analyze all these characteristics in just a few seconds and verify a person’s identity almost instantly as they speak freely. Therefore, due to voice biometrics accuracy and seamlessness, an increasing number of companies use voice biometrics as a natural additional security layer in their authentication processes to verify customers and users.”

So, it means that hackers can steal your voice, but it’s a tough thing to do. What’s more, even if your voice sample is stolen, voice authentication systems have numerous procedures preventing cybercriminals from accessing your data or using services that you own.

Wrap Up

It’s easy to imagine that the proliferation of voice biometric authentication will make current authentication and identification methods such as passwords become a thing of the past. In the same way that young people find it strange to use a public telephone or send and receive letters, spending a few minutes confirming personal data or typing passwords on keypads will soon be perceived as obsolete.

Authentication mechanisms based on unique characteristics will increasingly become routine, and users will get used to it. That’s why innovative companies that want to keep up with the pace of technology should start implementing voice biometric authentication methods into their processes now.