Thoughts on Voice Biometric Authentication

Requirement: Strong user authentication when accessing an application.

Risk: Users write passwords down or use weak passwords.
Possible solution: Authentication by voice recognition.

This approach has several advantages, such as the cost of implementation (which is low due to no special hardware requirements: a simple microphone is all that is needed to authenticate the user’s voice). Furthermore, voice authentication is generally easy to use and accepted by users.

It also could be used as a self-service password reset system: the system asks questions, authenticates his/her voice and allows him to reset the password. This could result in significant time and cost savings for a company.

However, appropriate user training should be provided before using voice authentication mechanisms. Alternative forms of authentications should also be considered to address the following problems:

  • Human voice changes over time.
  • Noise
  • Colds

Moreover, to prevent gaining unauthorised access by playing back a pre-recorded voice sample from an authorised user, a challenge-response system should be used: for example, the system should ask the user to repeat a random set of words or phrases in a specified order.

A voice authentication solution should be used in conjunction with another form of authorisation, such as a password to achieve maximum security.

Legal and privacy issues should be considered due to storage of biometric data.
Further analysis should be carried out to decide on the use of several commercial software packages available or in-house development.