Passwords have been around for many decades. Fernando Corbató was a computer pioneer who introduced passwords to secure user accounts back in the mid 1960s. Today, it is still being used to protect user accounts. However, passwords have become outdated and insecure as cyber criminals discover new methods to hack into these accounts. Fortunately, there are new authentication methods that can replace passwords, offering better security and user experience.

Modern passwords, even the most complex ones, are predictable and phishable. They can easily be compromised once the password is in the hands of the wrong person. Oftentimes, the cost of implementing a password authentication system along with the cost of recuperating from cyber attacks can outweigh the benefits of passwords. Passwords do not provide accurate indication that the person who entered the correct password is the rightful owner of the account. It only indicates that they know the password to the account. In Verizon’s 2017 Data Breach Investigations report, 81% of hacking-related breaches were the result of stolen or weak passwords. Many of these hacking-related breaches could have been easily prevented by implementing better authentication methods such as passwordless authentication.

Passwordless authentication is a form of multi-factor authentication that replaces outdated and insecure passwords with a more secure authentication method. Passwordless authentication helps reduce the chance of phishing and brute force attacks. It also improves user experience as it allows faster login times and does not require remembering PINs or passwords or answers to security questions.

Organizations can implement passwordless authentication via many ways. For example, organizations can use multi factor authenticator apps such as Microsoft Authenticator and Google Authenticator, identity management providers such as Ping and Okta, FIDO2 security keys and biometric authentication such as Auraya’s voice biometric technology. These passwordless authentication requires the user to either have something (authenticator code or security key) or be something (voice, fingerprint and face biometrics) in order to authenticate themselves. These two factors are more secure than passwords (know something) as cyber criminals will need to work harder to break into user accounts.

Taking a closer look at using voice for secure passwordless authentication, Auraya’s EVA voice biometric technology is capable of being deployed on any channel whether it is telephony or digital. With voice, users can authenticate their identity by simply speaking a unique or random phrase. Auraya’s patented technology ensures that users and organizations are protected from recorded playback attacks and synthetic voice attacks. 

EVA is available on the AWS Marketplace for secure and delightful voice biometric authentication on Amazon Connect. EVA can also be deployed into other cloud contact center providers such as AVAYA, Twilio, Genesys and 8x8. Alternatively, EVA can be deployed into digital channels such as chatbots, browsers and apps. Organizations can implement EVA into their multi factor authentication suite via identity management providers such as Auth0, Okta and Ping Identity.