Fixed or Unique Spoken Phrase, Which Is More Secure?

Nowadays, people are required to verify their identity in order to access services. These services are often part of our day to day lives such as unlocking smartphones, logging into social media accounts, conducting online financial transactions and even speaking to a call center agent over the phone. To verify our identity, we traditionally use PINs and passwords. However, between requiring to have accounts for just about anything and managing different passwords for these accounts, people have developed poor and insecure password management practices. With voice biometrics, organisations have the potential to improve the user experience and security of identity verification by either replacing PINs and passwords or acting as a step-up second factor authentication.

In the early days of voice biometrics, many organisations implemented voice biometric systems that required users to say a contrived phrase such as “At Acme bank my voice is my password.” By allowing users to verify their identity with their voice, users no longer had to remember PINs and passwords as they could simply just use their voice to say the phrase. While PINs and passwords may not be required, users will retain confidence in their security as they know that they are being verified with their voice. However, the practice of using a fixed spoken phrase such as “My voice is my password” presents some security issues. Asking users to say the same phrase can run the risk of a user with a similar sounding voice breaking into another person’s account. A user can also have his voice recorded saying the “passphrase” and the recording can be used to gain account access. 

Auraya’s next generation voice biometric technology allows systems to be deployed where each user has their own unique spoken phrase as their biometric identifier. The Unique phrase could be as simple as a phone number or account number or a randomly generated phrase that is specific to the current transaction. With unique spoken phrases, another layer of security is added to further protect users.

Auraya’s EVA voice biometric extension for Amazon Connect combines a trusted Device ID with a Unique spoken phrase plus the world leading voice biometric technology to securely and conveniently protect users from account takeover or other malicious actions. 

Using a unique phrase also mitigates the risk of synthetically generated and recorded playback attacks. Since the phrase will be unique, a victim’s recorded voice will not be enough to thwart an organisation’s system. Additionally, Auraya’s voice biometric features many machine learning capabilities that protects organisations and its users from these types of attacks.

Using fixed phrase tokens for voice biometric verification may be appropriate in some circumstances security and convenience can be increased when unique phrases are incorporated and augmented with device identification techniques.