Why not use the same password for all my accounts?
-
I was recently required to sign up to voice recognition security when I telephoned a government department. I had to keep repeating the phrase "My Voice is my Password" while it was recorded and analyzed. Now my records are supposedly protected by my voice. That scares me. What happens when my Bank also starts to use this technology? Then the big online retailers? Then the utility service providers. I only have one voice, so all my accounts will be secured with the same voice print security. That is like forcing everyone to use the same password for all their accounts. Human nature will have users relax the complexity of their typed passwords because Voice Recognition becomes the main security measure, which is counterproductive for overall security. One employee in any one organization could steal and abuse all my accounts everywhere using my voice records. Try playing the hacking game Uplink for a demonstration of what might be possible with voice simulation (I found Uplink on Steam). Imagine what happens when a large telephone company get their database of bank account details hacked, together with the voice prints of all their customers? Instant access to all the tools necessary for total identify theft. The responsibility for proving fraud has happened passes from the bank to the customer. Try proving that you didn't transfer all your money to a scammer's account when the bank have what they claim is a recording of you logging in with your voice. Just because we have the technology to do some things doesn't mean we should.
Your concerns are valid. Any system relying on just one spoofable mode of authentication is leaving themselves open to the threat of impersonation and all the vulnerabilities it entails. How hard is it to stand near someone and watch while they pay for a purchase with their smart card (debit, credit or otherwise) and enter a 4-digit PIN? Is mere possession of the card and a PIN sufficient authorization protection? I don't. And yet we have lived with this scheme for a long time now. Multi-modal authentication is the future. Most personal devices have microphones and cameras now. These combined can provide simultaneous live biometric capture; combining, say, facial geometry, iris pattern, and voice recognition, eventually c/w verification that they person in front of the microphone is moving their lips in a manner concomitant with what on-the-spot-unique phrase is being said. Current vendor-supplied payment devices can also be upgraded with cameras and microphones. We will get there. It's only a matter of time.
Cheers, Mike Fidler "I intend to live forever - so far, so good." Steven Wright "I almost had a psychic girlfriend but she left me before we met." Also Steven Wright "I'm addicted to placebos. I could quit, but it wouldn't matter." Steven Wright yet again.
-
I was recently required to sign up to voice recognition security when I telephoned a government department. I had to keep repeating the phrase "My Voice is my Password" while it was recorded and analyzed. Now my records are supposedly protected by my voice. That scares me. What happens when my Bank also starts to use this technology? Then the big online retailers? Then the utility service providers. I only have one voice, so all my accounts will be secured with the same voice print security. That is like forcing everyone to use the same password for all their accounts. Human nature will have users relax the complexity of their typed passwords because Voice Recognition becomes the main security measure, which is counterproductive for overall security. One employee in any one organization could steal and abuse all my accounts everywhere using my voice records. Try playing the hacking game Uplink for a demonstration of what might be possible with voice simulation (I found Uplink on Steam). Imagine what happens when a large telephone company get their database of bank account details hacked, together with the voice prints of all their customers? Instant access to all the tools necessary for total identify theft. The responsibility for proving fraud has happened passes from the bank to the customer. Try proving that you didn't transfer all your money to a scammer's account when the bank have what they claim is a recording of you logging in with your voice. Just because we have the technology to do some things doesn't mean we should.