Angelo Gajo | September 12, 2019 | 4 minutes
Using voice biometrics is an excellent security alternative to passwords. Since it does not rely on remembering passwords or knowledge-based questions such as security questions, voice biometrics can prove to be advantageous. Voice biometrics negates loopholes that fraudsters often abuse such as common passwords or leaked passwords. Additionally, with the capability of enrolling with any text or digit, dependent or independent tokens, Auraya supports all types of spoken phrases as valid voiceprints.
However, although voice is a great alternative to the outdated password security method, it is not recommended to use the phrase “My voice is my secure password” for all users. Therefore, below is a list of reasons why you should avoid using contrived phrases.
1. Poor User Experience – many people dislike saying a ‘contrived phrase’. Some people feel silly saying these phrases. Some may eventually dislike the process, developing angry or frustrated tones when having to repeat the same phrases multiple times. As people get frustrated or embarrassed saying a contrived phrase, they may change the way they say it sufficiently to stop the phrase from being recognised leading to a failed verification, causing more frustration.
2. Weakened Security – If every user uses the same phrase, then hackers just need to repeat the same universal phrase whilst trying to break into different user accounts until they find a voiceprint that is close enough to their own voice. Another security threat is that hackers would just need to record users speaking this universal passphrase and then they can break into their accounts. This threat is known to be more commonly exploited by ‘inside’ hackers who gain access to telephony resources where they can record users saying their passphrase.
3. Language independence – A fixed phrase such as “My voice is my secure password” may be difficult to say or pronounce for users who are uncomfortable saying English language phrases.
4. Clumsy user interface – Prompting users to say a ‘contrived’ phrase is clumsy. Requiring them to remember another phrase or listen on the phone while the prompt is being read out is problematic. Adding another thing to remember adds unnecessary complexity.
5. Overcomplication – If the answer to the identification question (who do you claim to be?) can also be the verification token, then users can effectively reduce both processes to one step. If users are asked to say their phone number, then the phone number can be the identifier, and this same utterance can also be used for verification.
To successfully implement any new technology or solution, a positive user experience is key. Using one global phrase for every person can cause barriers and issues as discussed above. It is better to assign different phrases or numbers that are unique to each person to ensure a higher level of security. Additionally, providing the flexibility to users on how they can enrol not only improves security, but also provides users a sense of control of their accounts.