Biometric authentication

If you want to learn more about biometric authentication, the best place to start is FIDO Alliance. Regardless of where you stand when it comes to passwords (are they obsolete and must be eliminated?), their standards and specifications can be useful.

The ecosystem enables enterprises and service providers to deploy strong authentication solutions that reduce reliance on passwords and protect against phishing, man-in-the-middle and replay attacks using stolen passwords.


Thoughts on Voice Biometric Authentication

Requirement: Strong user authentication when accessing an application.

Risk: Users write passwords down or use weak passwords.
Possible solution: Authentication by voice recognition.

This approach has several advantages, such as the cost of implementation (which is low due to no special hardware requirements: a simple microphone is all that is needed to authenticate the user’s voice). Furthermore, voice authentication is generally easy to use and accepted by users.

It also could be used as a self-service password reset system: the system asks questions, authenticates his/her voice and allows him to reset the password. This could result in significant time and cost savings for a company.

However, appropriate user training should be provided before using voice authentication mechanisms. Alternative forms of authentications should also be considered to address the following problems:

  • Human voice changes over time.
  • Noise
  • Colds

Moreover, to prevent gaining unauthorised access by playing back a pre-recorded voice sample from an authorised user, a challenge-response system should be used: for example, the system should ask the user to repeat a random set of words or phrases in a specified order.

A voice authentication solution should be used in conjunction with another form of authorisation, such as a password to achieve maximum security.

Legal and privacy issues should be considered due to storage of biometric data.
Further analysis should be carried out to decide on the use of several commercial software packages available or in-house development.