I love biometrics

In response to a recent article expressing apprehension with biometrics, Brett Beranek addresses concerns around the use of biometrics for authentication. Specifically, Beranek details why organizations around the world are deploying voice biometrics through providing evidence that this form of authentication is far more effective than passwords, PINs and security questions.
By
Biometrics

Earlier this week, Gregg Stefancik, an engineer at Facebook stated “I hate biometrics.” Naturally, I had to respond to such a strong and provocative statement. I love biometrics. More specifically, I love voice biometrics. If you follow my blog, you’ll know that the reason why I love voice biometrics is that it has proven to be far more effective and convenient of an authentication method than passwords, PINs and security questions. And I don’t just think so – the data actual says so. Financial institutions all over the globe, such as Banco Santander Mexico, Barclays Wealth & Investment Management, TD Waterhouse, U.S. Bank, and Vanguard just to name a few, have realized the benefits of voice biometrics such as increased customer satisfaction, decreased operating costs and a significant reduction in fraud. Beyond financial institutions, that first deployed voice biometrics in their most secure use cases (e.g. wire transfer service), voice biometrics is now being adopted beyond the financial industry in telecom, insurance and beyond.

So why then is there still any argument against biometrics? For most people, the term “biometrics” is equated to fingerprinting and iris scans. With these two forms of biometric authentication, the issue of your fingerprint and your iris being static and unchanging, i.e. you lose control of being able to change your security credential if there is a breach, is often raised as a gating factor for wide adoption. Voice biometrics is not afflicted by this problem, because unlike fingerprint or iris, which again are static biometric credentials, voice biometrics is a dynamic biometric credential. What is the difference? A static biometric is unchangeable. A dynamic biometric can be changed. Your fingerprint is static, meaning that you can’t change it. Most of us have ten fingers, so there is a small amount of variability that is possible: if you enroll your right index finger to authenticate into a system, and a hacker compromised your fingerprint, you could enroll another finger. But at the end of the day, you have a maximum of ten possible credentials with fingerprint biometrics. With iris, that number drops down to two. With voice biometrics, you have an infinite amount of possible voiceprints. Let’s say that you have the following voiceprint to authenticate into your Facebook account: “My voice is my password at Facebook.” Should a malicious individual record you saying this passphrase, you could revoke this credential and create a new one where you say “At Facebook, my voice is my password.” You can easily see how there are an infinite amount of possibilities with voice, and so it’s important not to lump all biometric technologies into the same boat. Irrevocability is only an issue with static biometrics.

Another issue that was addressed in the recent “I hate biometrics” article is the massive password breach at eBay.  “Had those passwords been biometrics, users would be left in the lurch.” The fact is that if those passwords had been voiceprints, there would have been no security issue at all.. Voiceprints are of no value to a hacker, as they can’t be used to authenticate into a system (unlike passwords). A massive security breach like we see on a regular basis with passwords is simply not possible with voice biometrics. The reason for this is simple: the only input to a voice biometric system is a person’s voice. A voiceprint is not a person’s voice but rather is a set of alphanumeric values that represent a large set of characteristics of an individual’s voice. The voiceprint is not the key to the castle, your voice is. Voices are not stored in a centralized database, voiceprints are. If we want an end to massive credential breaches, the solution is voice biometrics.

The article went on to mention that a lot of research showed that biometrics could be easily spoofed. Although spoofing is a possibility, with voice biometrics there are a number of anti-spoofing technologies that minimize this risk. The risk of spoofing is far lower than a hacker compromising a password, or someone stealing your phone. Anti-spoofing capabilities include playback detection algorithms that detect voice recordings, liveness detection, change in speaker detection and synthetic speech detection. No security system is infallible, but out of all of the authentication options currently available on the market, voice biometrics is clearly one of the most secure. See the report by Opus Research that compares the risks of voice biometrics vs. passwords and OTP tokens.

So from a security standpoint, voice biometrics is more secure than passwords, OTP, KBA, etc. And, yes, it delivers phenomenal value to the enterprise, as showcased by the aggressive ROIs reported by a number of organizations that have deployed it. But my love for voice biometrics is a love of the experience. It enables an end-to-end speech experience that is convenient and easy. It allows technology to know who I am in the most natural way. Combined with a virtual assistant, for example, I can say “My voice is my password” followed by “Update my Facebook status to I love voice biometrics.” I can have a secure, natural interaction with technology, like I would have with a human. And that is a beautiful thing.

Tags: ,

  • http://www.esslsecurity.com eSSL securities

    Nice article and thanks for good inputs.

The latest in tech news and insights,

delivered straight to your inbox

Thank you, preferences have now been saved.

Brett Beranek

About Brett Beranek

Like you, CX and biometrics expert Brett Beranek – Senior Principal Solutions Marketing Manager, Enterprise – is fascinated by transformative technologies that have a real impact on our lives. With over a decade of experience in the customer experience and biometrics space, Brett brings strategic and tactical insights to organizations wishing to deliver a better experience to their customers via innovative technologies. Prior to joining Nuance, Brett a technologist and entrepreneur by education and passion, successfully introduced several disruptive technologies to the health-care, IT and security markets, including as a partner of facial recognition firm Viion Systems and member of Genetec’s management team, a security firm that transformed the video surveillance market. Brett also currently serves on the advisory board of high-tech healthcare startup GaitTronics. Brett earned a Bachelor of Commerce, Information Systems Major, from McGill University as well as an Executive Marketing certificate from Massachusetts Institute of Technology’s Sloan School of Management. Brett loves travelling the globe and discovering new cultures with his three kids, Layla, Rayan and Nora and his wife, Tania.