Now that Apple has decided to jump into the biometrics space with Touch ID, we can expect the idea of finger, face and speech recognition to gain more traction. When it comes to biometrics there are different approaches which companies can take to ensure only specific people have access to computers and information. In Apple’s case the company is looking to make it easier to keep your phone secure. The single finger touch is all that is required to get into many of secrets located on your phone.
The challenge is as I blogged yesterday – a sleeping person can inadvertently divulge all their secrets to other people without realizing it.
This is where multifactor authentication comes in. A company called SPEECHPRO has a number of products in the biometrics space and one of them is VoiceKey.OnePass a product which takes advantage of the camera and microphone on smartphones and requires customers to say their password while looking at the camera. By doing so, the company can determine the user knows the password, that it is their face, their voice and can even detect that the lips are moving as the person is talking to ensure the system is not being duped. This last feature is called Liveness detection and is optional.
I spoke with the company’s President & CEO Alexey Khitrov who told me the company has 30 PHDs working on biometrics and related solutions and they occupy a unique position in the space. I asked if customers are going to want to speak their passwords in public and he said because of the multifactor authentication used, it doesn’t matter if other people know your password.
Another interesting solution the company offers is VoiceKey.Agent for call centers, it allows a company to be more likely to know they are speaking with the correct person. By utilizing passive speech recognition, the system is able to generate a confidence score regarding the person they are talking to which helps ensure they are who they say they are. The agent can simultaneously see the confidence score from the last five seconds as well as the current score and in this way they can be more certain the phone hasn’t been transferred to another person.
If the phone does get passed, the agent can ask for a password – they can also get a score on the password to ensure once again, the right person is on the phone.
Khitrov explained that in the enterprise, security was typically something you know or had and now with his company’s solutions there can be more certainty that the right person is being communicated with.
Perhaps the best news of my meeting is the company just doubled the accuracy of its VoiceKey biometric engine for voice verification.
The update lowers the chance of verification error as the false acceptance (FA) rate has been reduced to 0.1% at a FR rate of less than 5% for short utterance via the cellular channel. Preprocessing functionality, including noise cancellation and acoustic environment adaptation, enhances VoiceKey performance even further: voice verification which can now be carried out in noisy environments, outdoors and in the street with a signal-to-noise-ratio down to 7dB.
At the end of the day the situation users have to deal with regarding passwords is ridiculous. You need a different password for each site and they all need to be long enough - perhaps eight characters, consist of upper and lower case letters, numbers, not be obvious, not be sequential, etc. We need better solutions and multifactor biometrics is certainly a more ideal way of verifying identity than having to memorize a dictionary's worth of unique sequences of characters.