Is It Time for Voice-Based Authentication?

Identity and access management (IAM) is changing in a big way.

You might as well go around with a trumpet and really let people know about what they should be doing in biometrics and advanced permissions and all of the rest of it, to keep up with rapidly evolving standards that keep us safer while giving us access to key tasks.

Here’s some of the context of why voice-based authentication is such a powerful innovator and disruptor for businesses all over the dial.

 

The Biometrics Struggle

For years now, we’ve heard about the Herculean struggle to untether us from annoying, frustrating, and labor-intensive password management. This stuff is no fun, as anyone on either side of the administrative curtain will tell you.

In the beginning, in the early days just after the Von Neumann machine and mainframes became manageable personal computers, passwords were fine. It was straightforward. You go to the terminal, and you enter a few characters and you get access. You are the only person who knows the password, so other people cannot impersonate you.

However, passwords quickly got out of hand. They became a biometrics nightmare. It’s entirely easy enough to pass a password to someone else, to steal it with screenshots or keyloggers or spyware, or spoof another user’s identity in a multitude of ways.

Not only that, but passwords are so hard to administrate that companies put massive amounts of money into password management. The common reason is that people tend to forget their passwords. They have so many passwords that they can’t possibly store them all in their human memory banks, and so they keep requesting password resets every time they want to get into a system.

As if that weren’t enough, experts continue to change password guidance. Is your password strong enough? Do you need special characters that will make it even harder for you to remember your password when you need to use it?

All of this shows how the password, which was such a great thing at the beginning of personal computing, became such an enormous liability. Authentication just didn’t scale. In this context, we only just started making progress with biometrics – using biological markers instead of a password.

Using biological markers is much safer, and users never forget. You don’t forget your fingerprint – however, using a fingerprint or retinal scan requires an entirely different interface, something that’s not built into legacy devices and can be pretty expensive to install.

As for facial recognition, you’re talking a lot more money and effort, along with various kinds of data privacy concerns, where companies are now dropping involvement in facial recognition programs like a hot potato over intrusive uberveillance and its unpopularity with the common individual.

 

Multifactor Authentication

To be fair, we’ve come a certain way with MFA. Using the smartphone as a secondary verifier has been a big win for all sorts of corporate IAM programs, from Amazon to your local utility company and beyond. However, the plain fact is that sometimes, our logins catch us without a charged and available smartphone.

 

Voice-Based Authentication – The Basic Components Are Already Here

When executives and business leaders really sit down and think about the best way to innovate with biometrics, they find a uniquely powerful and easy solution staring them right in the face. Our voices are a key biometric marker. It’s extremely difficult for others to fully imitate the sound of our voices and our inflections, and the ways in which we speak.

Not only that, but voice command is now built into many of our devices. Even where the devices don’t inherently handle voice command, it’s relatively easy to install identity and access management software that will take the audio and use it for authentication.

We already have speech-to-text and natural language processing. We already have microphones built into phones and computers. We’re already there – the only thing left is the deployment.

 

Combining Voice-Based Auth with Identity and Access Management Tools

The idea of using voice-based authentication magically rids us of the troublesome task of managing a blizzard of passwords or trying to authenticate people with a fingerprint or retina scan. However, to be entirely effective, voice-based authentication should be combined with the right IAM strategy.

 

Here are two fundamental components of this:

  • 1. The first one is giving each user the right permissions. The voice-based authentication program will verify who’s logging in, but unless they are tagged with the right administrative privileges, you’re still leaving the barn door open.
  • 2. The second principle here is a life cycle and decommissioning process.

 

Somebody may be a high-up manager or administrator in your system, but if he or she leaves or retires, or god forbid is fired potentially carrying an ax on his or her shoulder, those permissions need to change immediately, not at some undetermined time in the future.

 

With that in mind, here are three key tasks that savvy administrators will combine with voice-based authentication to really lock down a network in an effective way.

  • 1. Teams will regulate privileged accounts with special identity and access management tools and protocols.
  • 2. They will evaluate user profiles in order to make sure the permissions match the logon.
  • 3. They will micromanage authentication for sensitive data sets, for example, individual vendor cloud platforms or other parts of the network accordingly.

 

Here’s the answer – it is time for voice-based authentication. That plus excellent IAM will put your business at the front of its class for effectively replacing the weak and labor-intensive password management paradigm that other businesses are still swallowing as a bitter pill.