Angelo Gajo | February 24, 2021 | 5 minutes
Passwords have been around for many decades. Fernando Corbató was a computer pioneer who introduced passwords to secure user accounts back in the mid-1960s. Today, it is still being used to protect user accounts. However, passwords have become outdated and insecure as cybercriminals discover new methods to hack into these accounts. Fortunately, there are new authentication methods that can replace passwords, offering better security and user experience.
Modern passwords, even the most complex ones, are predictable and phishable. They can easily be compromised once the password is in the hands of the wrong person. Passwords do not provide an accurate indication that the person who entered the correct password is the rightful owner of the account. It only indicates that they know the password to the account. In Verizon’s 2017 Data Breach Investigations Report, 81% of hacking-related breaches were the result of stolen or weak passwords. Many of these hacking-related breaches could have been easily prevented by implementing better authentication methods such as passwordless authentication.
A passwordless authentication is a form of multi-factor authentication that replaces outdated and insecure passwords with a more secure authentication method. Passwordless authentication helps reduce the chance of phishing and brute force attacks. It also improves user experience as it allows faster login times and does not require remembering PINs or passwords or answers to security questions.
Organizations can implement passwordless authentication using Auraya’s EVA Voice Biometrics. When a person tries to access a secure service on their device, EVA can display a microphone icon and a unique one-time digit string. The person simply touches the microphone icon and speaks the digits displayed on the screen. If the person’s voice biometrically matches their stored voiceprint and says the correct digit string then they get access to the secure service.
EVA is integrated with multi-factor authenticator applications such as PingFederate, Okta, Auth0 and other identity and access management systems so activating a voice biometric ‘factor’ is simple for security administrators. In these integrated solutions, the security administrator can choose to rely on several factors to prove identity verification. A secure service could require a person to use a trusted device such as a personal computer or a smartphone that has been used by this person previously, additionally, the person needs to say the correct digit string that relates to the specific transaction, and the spoken digits must be a voice biometric match to prove that the authorised person read the digit string correctly.
EVA voice biometrics not only makes identity authentication more convenient it also makes it more secure. Users no longer need to fumble for one-time passcodes in another application to complete a transaction. The delivery of one-time passcodes via an email or SMS may prove that the person trying to access the secure service has physical or virtual access to the device but does not prove that they are the authorised account holder. Similarly, relying on device-based fingerprint recognition or facial recognition only proves that the person trying to access the secure service has control of the device as the fingerprint and faceprint are typically stored on the device. EVA stores the authorised voiceprints securely in the client organisation’s customer database.
Auraya’s EVA voice biometric technology is capable of being deployed on any channel whether it is telephony or digital. With voice, users can authenticate their identity by simply speaking a unique or random phrase. Auraya’s patented technology ensures that users and organizations are protected from recorded playback attacks and synthetic voice attacks.
EVA is available on the AWS Marketplace and Auth0 Marketplace for secure and delightful voice biometric authentication. EVA can be deployed in digital channels such as messaging chatbots, browsers and applications.