|
I was recently required to sign up to voice recognition security when I telephoned a government department. I had to keep repeating the phrase "My Voice is my Password" while it was recorded and analyzed. Now my records are supposedly protected by my voice. That scares me.
What happens when my Bank also starts to use this technology? Then the big online retailers? Then the utility service providers. I only have one voice, so all my accounts will be secured with the same voice print security. That is like forcing everyone to use the same password for all their accounts.
Human nature will have users relax the complexity of their typed passwords because Voice Recognition becomes the main security measure, which is counterproductive for overall security.
One employee in any one organization could steal and abuse all my accounts everywhere using my voice records.
Try playing the hacking game Uplink for a demonstration of what might be possible with voice simulation (I found Uplink on Steam).
Imagine what happens when a large telephone company get their database of bank account details hacked, together with the voice prints of all their customers? Instant access to all the tools necessary for total identify theft.
The responsibility for proving fraud has happened passes from the bank to the customer. Try proving that you didn't transfer all your money to a scammer's account when the bank have what they claim is a recording of you logging in with your voice.
Just because we have the technology to do some things doesn't mean we should.
|
|
|
|
|
|
Couldn't agree more - it's a technology that will be hacked to buggery by voice synths in a very short space of time. As Griff's link shows, it can even be hacked without technological assistance.
I'm somewhat astonished that an organisation the size of HSBC are using this kind of snake-oil. If I had shares in them, I'd be selling.
98.4% of statistics are made up on the spot.
|
|
|
|
|
PeejayAdams wrote: I'm somewhat astonished that an organisation the size of HSBC are using this kind of snake-oil. If I had shares in them, I'd be selling.
Small fry. The Australian Tax Office has brought this in. I refuse to sign up and keep going through to an operator for verification/
Michael Martin
Australia
"I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible."
- Mr.Prakash One Fine Saturday. 24/04/2004
|
|
|
|
|
PeejayAdams wrote: will be hacked to buggery by voice synths
Well, maybe that'll result in improvements in cheap but good voice synthesis!
Marc
Latest Article - Create a Dockerized Python Fiddle Web App
Learning to code with python is like learning to swim with those little arm floaties. It gives you undeserved confidence and will eventually drown you. - DangerBunny
Artificial intelligence is the only remedy for natural stupidity. - CDP1802
|
|
|
|
|
it's a technology that will be hacked to buggery by voice synths in a very short space of time
Well, you can already use such kind of technology today. Try this: https://lyrebird.ai/demo
|
|
|
|
|
And what happens when you quit/start drinking/smoking?
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
Or what if they bring you to the vet to get you neutered?
The language is JavaScript. that of Mordor, which I will not utter here
This is Javascript. If you put big wheels and a racing stripe on a golf cart, it's still a f***ing golf cart.
"I don't know, extraterrestrial?"
"You mean like from space?"
"No, from Canada."
If software development were a circus, we would all be the clowns.
|
|
|
|
|
You forgot some relevant points that has nothing to do with hacking...
What happens if you have a bronchitis?
What happens if you have an accident and you damage your vocal chords?
What happens if the microphone of your telephone sucks and has frequency deviations?
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
In theory, because it uses about a hundred factors, colds, sore-throats etc. aren't an issue.
In reality, I think it's fair to say that a great many rather fundamental aspects of our voices (speed, tone, accent, pitch and many more) can change with time, mood, energy levels, location, sobriety and all manner of factors before we even get to things like different microphones and signal distortion.
It's hard to imagine that there are aren't huge margins for error built in and margins for error are the last thing you want in a security system!
98.4% of statistics are made up on the spot.
|
|
|
|
|
So you say - Do not worry, if hundred factors wasn't enough to tell apart twins it will not be enough to diagnose you with cold... How reveling...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
PeejayAdams wrote: It's hard to imagine that there are aren't huge margins for error built in and margins for error are the last thing you want in a security system! And that was exactly my point.
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Where's Mel Blanc when we need him?
We're philosophical about power outages here. A.C. come, A.C. go.
|
|
|
|
|
robinsky wrote: Just because we have the technology to do some things doesn't mean we should.
If only everyone understood this.
|
|
|
|
|
But the technology does not really do it!
... such stuff as dreams are made on
|
|
|
|
|
No. You have it all backwards. You do not conform to their idiocy, you reject them.
> One employee in any one organization could steal and abuse all my accounts everywhere using my voice records.
Yes, that's probably the whole reason they set this up in the first place. The question is why are you going along with it?
|
|
|
|
|
It's been said many times before, the problem with any system that relies on biometrics for authentication is that you can't change them.
I'm reminded of this old story...what good is using biometric data if it's not going to be secured?
|
|
|
|
|
Call "0800 am I secure" and say your account number and repeat "My voice is my password" 3 times and we will check for you if it still secure!
Call within one hour of this commercial and we'll include some free balls to lick.
Privacy guaranteed!
Call NOW!
|
|
|
|
|
So this voice password thing. Is it as reliable at recognising what You say as Cortan or Siri?
So it's not so much a question of someone else gettig into your account as you being unable to get into it
We're philosophical about power outages here. A.C. come, A.C. go.
|
|
|
|
|
This (or similar technologies) along with several other layers will be the norm in the future. Many have pointed out the short comings of this approach, but short comings are part of every approach to varying degree.
I would think that in order to properly profile a voice for use as one of these layers would require much more than saying a simple phrase multiple times. The AI engine behind it would need to have a much broader and deeper understanding of your voice to approach something reasonably secure.
First off I would think that random phrases would be given to the user to say each time they logged into a system. That way someone couldn't simply record a voice to mimic the user. They then might have a recording but it wouldn't have the right phrase and not pass the check.
But, regardless of how this is or isn't implemented this is only one layer and I fairly confidant that down the road we will be forced to use multi factors with regularity and these factors will be integrated with each other to increase the confidence that the user is who the user says they are.
|
|
|
|
|
Your concerns are valid. Any system relying on just one spoofable mode of authentication is leaving themselves open to the threat of impersonation and all the vulnerabilities it entails.
How hard is it to stand near someone and watch while they pay for a purchase with their smart card (debit, credit or otherwise) and enter a 4-digit PIN?
Is mere possession of the card and a PIN sufficient authorization protection?
I don't. And yet we have lived with this scheme for a long time now.
Multi-modal authentication is the future.
Most personal devices have microphones and cameras now. These combined can provide simultaneous live biometric capture; combining, say, facial geometry, iris pattern, and voice recognition, eventually c/w verification that they person in front of the microphone is moving their lips in a manner concomitant with what on-the-spot-unique phrase is being said.
Current vendor-supplied payment devices can also be upgraded with cameras and microphones.
We will get there. It's only a matter of time.
Cheers,
Mike Fidler
"I intend to live forever - so far, so good." Steven Wright
"I almost had a psychic girlfriend but she left me before we met." Also Steven Wright
"I'm addicted to placebos. I could quit, but it wouldn't matter." Steven Wright yet again.
|
|
|
|
|
I was going to comment on this, but decide to remain mute.
|
|
|
|
|
Someone in the office mentioned that office265.com will redirect to office365.com. So i was wondering how many domains does microsoft own to protect wrongly typed address?
|
|
|
|
|
|
None... all goes here: https://products.office.com
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|