Gunnar Kudrjavets

Paranoia is a virtue

Would you be willing to use speech based authentication IRL?

One of the frequent questions we’re getting from our customers is what we plan to do about biometrics and speech based authentication in Speech Server? Particularly people are interested in telephony scenarios á la:

...
System: Please state your name.
Caller: Gunnar Kudrjavets.
System: (doing some magic) You’re authenticated. What do you want to do?
Caller: Savings account balance, please.
...

Speech is very different from traditional biometrics based security measures: face, fingerprint, and iris. I’m just curious to know, would you trust something like this? Yes, I know that it depends on person, but hopefully if enough people will respond, I can make some useful conclusions from this ;-) Google will point you to lots of good links related to the current state of speech based authentication, error percentages, research articles etc.

Posted: Mar 31 2004, 12:36 AM by gunnarku | with 8 comment(s)
Filed under:

Comments

Mo said:

For trivial stuff (e.g., voicemail, that sort of thing), yes. For banking? No.

Until these things can't be fooled by recordings, they're not good enough for scenarios where I need real security. Even asking the caller to repeat a phrase or some digits could be beaten using recordings (although repeating a phrase would make it difficult, of course).

It's nice technology, though.. I'm interested to see where it leads.
# March 31, 2004 4:41 AM

Ian Ringrose said:

I would not be happy with it as.

a) It stops a lot of disable people living a normal life, e.g. they will never be able to use a bank again! (No option of getting someone else to make the phone call for them.)

b) Someone could records a phone call, and then play back the bit when I spoke my name.

c) When I get to speech to a person after doing “speech based authentication” they will just ask me for my account number and details again anyway! (If I wanted to talk with a computer, I would have used the internet in the first place!)
# March 31, 2004 4:51 AM

Scott Galloway said:

Agreed, no way can this be secure enough for any use where cash / cash equivalent services are envolved. Even if you can have 'speak phrase 6' style security (equivalent to the current online banking multiple questions authentication), it's just too easy to record and play back this information...
# March 31, 2004 5:28 AM

SimonT said:

No, absolutely not, espcially in the scenario you mentioned, in fact if my bank introduced it I would go as far to move banks.
# March 31, 2004 6:53 AM

SimonT said:

To futher clarify this, a telephone is typically 8khz so trying to capture all the nuances of the human voice in such a small range. Nope.
# March 31, 2004 6:54 AM

TrackBack said:

Take Outs for 31 March 2004
# April 1, 2004 2:19 AM

Michael Giagnocavo said:

I'd accept some kind of speech + passphrase, IFF the connection was encrypted.
# April 20, 2004 1:39 PM

Scott Rowan said:

I'd be willing. Authentication technology now, can protect us against imposters and recordings. The prospect of never having to remember another PIN or Password is quite inviting.
# July 27, 2004 9:27 PM
Leave a Comment

(required) 

(required) 

(optional)

(required)