EZ MSP Blog
Could Voice Authentication Join the Ranks of MFA?
Authentication has been a major talking point for the past few years, particularly as the value of data has only increased and security has correspondingly increased in importance. As a result, more secure and reliable means of identity verification have also become more critical. Now, voice authentication is being considered as such a means.
Let’s examine the many variables associated with voice authentication to see how much promise it actually shows.
First and Foremost, How Does Voice Authentication Work?
It may help to specify how authentication in general works, just so we can get a full appreciation of how voice authentication would function.
In any variety of authentication measures, the user provides some kind of proof of identity. If that proof matches the reference that the security system is comparing it to, the user is given access. In terms of voice authentication, the user’s voiceprint of a specific phrase would be compared to the stored copy of what that user’s voiceprint should resemble.
So, if your passphrase was “The rain in Spain falls mainly over the lazy dog,” the system would check for the correct phrase, but also check that the tones and inflections present in the user’s voice matched the patterns in that user’s voiceprint. As a result, voice authentication is typically classified under the “something you are” subset of multi-factor authentication along with retinal scans, facial recognition, or palm scans.
How Secure is Voice Authentication?
Like any other authentication measure, there are already countless stories of voice recognition being bamboozled, meaning that more work is needed to keep your solutions secured. Hackers have already been able to fool voice authentication using recorded snippets, and have hidden malicious commands in white noise to gain control over voice-activated devices.
Having said that, it is important that we also address that any form of identity authentication is inherently less secure when used exclusively, rather than as part of a multi-factor authentication strategy. Furthermore, voice authentication is now being developed with two fraud-fighting technologies built-in. The first, liveness detection, works to differentiate between a live voice and a recorded one. The second, continuous authentication, does what its name suggests and verifies the user throughout the time they are active. That way, an attacker that just switches back to themselves after using a recorded voice to log in would be caught regardless.
Best Practices Concerning Voice Authentication
We’ve referenced a few already, but here are a few essential functions that any voice-based authentication system should involve:
- Multi-Factor Authentication: We really can’t encourage the use of MFA enough. The more proof that a user has to provide to prove their identity, the less likely it is that an unauthorized individual will have what they need to access your resources. Pairing a PIN or password/passphrase with a secondary proof, like voice authentication, makes it much harder for this kind of access to be secured. This primary form of authentication should need to be reconfirmed regularly.
- Secure Storage: On your end, you need to keep your saved records of all authentication data extremely secure… including the biometric data. Otherwise, MFA could potentially be fooled and the whole system would topple.
- Obtain Consent: You also need proof that your users have agreed to use biometric data as an authentication measure, for privacy and legal reasons alike.
So, would you consider implementing voice authentication as an option in your company’s protections—specifically as part of a multi-factor authentication requirement? Are you concerned about the protections you currently have in place? Give us a call, we’ll help ensure that your business is properly secured. Call (914) 595-2250 today.