Voice-user interface (VUI) technology such as Siri, Cortana and Amazon’s Echo has advanced to a point where voice recognition can be used as an authentication alternative to passwords.
High profile technology investor Mary Meeker recently dedicated a large section of her annual report on the state of the internet to lift-off voice-user interface technology.
This tech makes human interaction with computers possible through speech. While VUI has been around for decades, the technology has made massive strides over the years and its improving accuracy continues to raise its profile.
In the 1970’s machines could recognise words with just 10% accuracy, by 2010 that had reached around 70%, and today it stands at approximately 90%.
Now it’s only a matter of time before accuracy is no longer an issue – for instance Google has announced that it’s working to ensure its speech recognition software will work with even the thickest of accents.
Access with voice authentication
As VUI accuracy continues to improve, it will naturally become a form of authentication as all voices have subtle differences, similar to fingerprints.
Consumer facing organisations are already starting to trial voice recognition as a method of authentication.
A number of UK banks are seeing the need for this and have introduced new voice related security measures.
Findings from a survey carried out by Pindrop showed that over half of respondents felt that no bank was fully secure, and 59% said they would leave their bank if they thought another one was more secure.
Voice recognition is also finding its way into the workplace, with employees being able to access work profiles and systems by simply speaking.
However, using voice authentication presents some clear concerns. Chief among these are the security implications: how will voice authentication be added, changed and shared organisation-wide?
Today 95% of employees use a typed password to access email, and devices such as phones and laptops.
As a result, amongst the most common tickets raised to IT help desks is forgotten password requests. The emergence of voice authentication should offer reprieve to the IT department, freeing them up to address more pressing tasks.
Taking one step at a time
The most astute and forward-thinking IT leaders will be paying close attention to developments in VUI. However, adoption should be cautious and staged in order to limit the security risks to the business – if there are speed bumps during implementation, new security operations can be tested, re-tested and contained if necessary.
Gradual adoption is how enterprises have traditionally met the introduction of new technology such as the rise of the smartphone.
IT teams have traditionally been nervous about allowing employees to access work email on their personal devices. In the same way, as organisations recognise the advantages of voice authentication and race to gain competitive advantage they should slow down and find the solution that best fits.
The role of two-factor authentication
Two-factor authentication adds a second level of verification to an account log-in.
In traditional password authentication, the additional credential can be a further piece of information known by the user such as a phone number, or owned by the user like a biometric.
The added layer of security can trump the action of a hacker with access to the first authentication information. But there is a dilemma with passwords in that hackers can pretend to be users and request to recover sign-in credentials – which is much harder with voice recognition.
Two-factor authentication is part of the larger movement of maturing multi-factor authentication. For instance, biometrics are one way to solve the credential recovery issue but it cannot detect fraud on its own.
So whilst VUI will be a key piece in the authentication puzzle, enterprises cannot look to voice as a direct and sole replacement for authentication. No matter how good the VUI is today, it is still always better to have multi-factor authentication.
It may not stop every attacker, but creating multiple layers certainly creates a roadblock for many of them. Even KITT got hacked once.
Sourced by Matt Peachey, VP/GM International at Pindrop