Angelo Gajo | August 23, 2021 | 4 minutes
One-time passwords, commonly known as OTPs, are a string of automatically generated, random characters or numbers to form a temporary password. This password is only valid for a single login attempt. OTPs are sent to the user via SMS or email and are used to enhance login security and reduce the fraud risk of account takeovers and stolen data. It serves as an extra layer of security during the login process or transaction authentication.
With OTPs, users will require more than just the account password. They will need access to a device to obtain the OTP. They then need to provide the OTP to complete the login process. While it does offer improved security, a closer look suggests that it may no longer be one of the most secure methods available.
Fraudsters can easily intercept SMS or emails to obtain the OTPs. OTPs also does not prove that the user attempting to log in is really who they say they are. Simply providing the OTP only means that the user has access to that phone or email account and can copy and paste the OTP. Anyone with access to the user’s phone or email account, whether it is a fraudster or a family member, can successfully log in to an OTP-protected account.
To address this issue, organizations can replace OTPs by using voice biometrics such as Auraya’s EVA Voice Biometrics, for secure and frictionless identity authentication. While OTPs prove that the user has access to the device or account, voice biometrics proves that the user is the rightful account owner. Fraudsters and other people will not be able to log into the user’s account as they have a different voice to the user.
With EVA, users will be required to enroll their voiceprint by saying a series of digit strings. Once their voiceprint has been enrolled and stored in the client organization’s secure database, the user can now verify their identity using their voice during the login or transaction verification process. The user simply says the OTP displayed on the screen. This is then crossmatched with the stored voiceprint. The user will be verified if their voice matches the voiceprint stored in the database and they say the correct OTP from the trusted device.
Verify with voice for a more secure and delightful experience
The main reason why voice biometrics is more secure than OTPs is that every person has a different voice and EVA can identify the differences at a higher level than a human ear can. EVA is also more secure than fingerprints or faceprints that are stored on a device. Bad actors can simply enroll their fingerprint or face on the compromised device and hack into the true customer’s account, whereas EVA verifies a customer’s identity by comparing the voiceprint with the user’s voice in an ‘out of band’ process securely behind the client organizations firewall.
EVA features synthetic voice detection and recorded playback detection capabilities so fraudsters attempting to break into victim accounts through synthetically generated voices or by playing a recording of their victim’s voice will not be able to succeed. EVA is also not device-dependent, which means that the user can verify their identity using any device, whether it is on a phone or a computer device. With the voiceprints stored in the database and not on the device itself, like other biometric factors, the user’s account will not be as compromised if their device has been misplaced or stolen.
Overall, OTPs have become outdated and insecure, and cumbersome. Switching devices or applications to obtain the OTP can create friction and delay the login process. EVA Voice Biometrics is a more secure method that conveniently and securely authenticates the identity of the user through their voice.