Itโs not uncommon to see people walking down a street chattering away over their smart phones through a Bluetooth connection โ but they pull out the handset to type in a password for a sensitive Web site.
Increasingly, however, voice biometrics is being used by organizations for identity authentication to applications.
Your voice is, after all, as unique as your fingerprint, your retina or your face.
โThis is a kind of tipping point for the technology in the commercial space,โ says Tariq Habib, CEO of Torontoโs VoiceTrust.
Already the technology is used by some organizations to confirm the identity of a caller over the phone in the background while talking to a customer service agent.
But banks are also now using it in mobile apps allowing voice access and approval for transferring money and paying bills.
According to an executive of Nuance Communications, which makes voice biometric solutions, one Canadian bank will soon announce that capability for its retail customers.
Which is why some believe that voice may soon replace alphanumeric passwords as a common authentication method.
Why? Because passwords can be cracked either by guessing or a brute force attack.
A number of companies sell voice biometric solutions, two of which have a Canadian connection: Nuance, of Burlington, Mass., which has a large Montreal research and development centre; and VoiceTrust.
Others that sell voice biometric software or include it include it in solutions include Nice Systems of Israel; Verint Systems of Melville, N.Y.; VoiceVault Inc. of El Sagundo, Calif.; ValidSoft of Britain; Pindrop Security of Atlanta; and Agnitio Corp. of Madrid.
Most of these companies sell solutions โ largely on premise but some in private clouds โtailored for financial industries and those needing to cut down fraud โ phone companies, health care institutions and the like.
There are several types of solutions, all of which require end users to record a voice-print for later recognition: Those that are โtext dependent,โ meaning end users have to repeat approved words or phrases; and those that are โtext-independent,โ where end users can say anything.
Systems may be automated โ that is, once identified the users has access to a limited number of options so a support agent isnโt needed. Good for password resets. Or they may run in the background, identifying the caller so the agent doesnโt have to ask for passwords, PINs, motherโs name, favourite pet โฆ
But voice biometrics hasnโt made it yet into popular applications like email or even logging onto corporate networks.
One reason in the past has been cost. Another has been accuracy โ some systems got confused if a user enrolls on a landline but tries to access via a cell phone. A third has been no one wanted to be first in the industry.
Vendors say these reasons no longer exist.
Brett Beranek, Montreal-based solutions marketing manager for Nuance โ which makes
the Dragon Dictate PC speech recognition software and is behind Samsungโs S-voice smart phone voice assistant โ wonโt divulge the cost of a solution, except to sayย โโweโre not talking about systems that cost millions to deploy,โ so the business case โis very sound.โ
On the other hand Gartner analyst Avivah Litan says โyouโve got to have enough fraud or authentication issues to justify the expense.โ
As for other objections, digital voice-prints canโt be impersonated, vendors say, and if stolen are worthless. Also, their systems have protections against people recording a victimโs voice and playing into the phone.
But even Beranke admits biometric systems arenโt infallible.
Daniel Tobok, managing director of Telusโs security consulting and forensics division, who believes voice biometrics is โan awesome, outstanding idea,โ agrees.
Last year his department was part of a quiet investigation into the theft of data from an unnamed European financial institution whose systems were protected by requiring access by both fingerprint and smart card.
However, a crooked employee was able to hack into the identity servers and created legitimate profiles so colleagues on the outside could gain access.
Itโs another example of how people, not technology, are usually the weak spots in security.
Gartner analyst Avivah Litan notes that voice biometrics has made great inroads into enterprises in the last two years, particularly in call centres. Itโs best when combined with what she calls โphone-printingโ โ an application that verifies the source of an incoming call (a customer who lives in Vancouver should be calling from there, not from a small town in China, for example).
But she is one of those skeptical that voice biometrics will replace alphanumeric passwords, at least not for โmany, many years.
โThe juryโs still out,โ she says.