{"id":6390,"date":"2017-01-26T06:30:38","date_gmt":"2017-01-26T14:30:38","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/01\/26\/news-227\/"},"modified":"2017-01-26T06:30:38","modified_gmt":"2017-01-26T14:30:38","slug":"news-227","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/01\/26\/news-227\/","title":{"rendered":"Password-free security uses voice, user behavior to verify identity"},"content":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt3.staticworld.net\/images\/article\/2017\/01\/product-in-use-100705861-large.3x2.jpeg\"\/><\/p>\n<p> Tired of conventional passwords? So is Nuance Communications, a tech firm that is promoting the human voice as a way to secure user accounts. <\/p>\n<p> The company\u2019s voice biometric product is among the technologies that promise to replace traditional &#8212; and often vulnerable &#8212; password authentication systems, which can be easy to hack. That isn\u2019t the case with Nuance\u2019s solution, the company claims. \u00a0\u00a0 <\/p>\n<p> \u201cTo determine if it\u2019s you or not, we are looking at over 100 different characteristics of your voice,\u201d said Brett Beranek, Nuance\u2019s director of product strategy. <\/p>\n<p> The need to move beyond passwords hasn\u2019t been more urgent, given that hackers are routinely finding ways to steal them. Last year, <a href=\"http:\/\/www.computerworld.com\/article\/3123423\/security\/hackers-got-a-treasure-trove-of-data-from-the-yahoo-breach.html\" target=\"_blank\">Yahoo<\/a>, LinkedIn and Dropbox all reported major data breaches involving account details such as email addresses and hashed passwords. \u00a0 <\/p>\n<p> With such information, a hacker can plunder through an email account like suspected <a href=\"http:\/\/www.computerworld.com\/article\/3120585\/security\/hackers-are-already-shaping-us-election-coverage-with-data-leaks.html\" target=\"_blank\">Russian cyberspies<\/a> did to U.S. political figures in last year\u2019s election. <\/p>\n<p> However, security provider Nuance is trying to change the status quo. Already, banks and financial institutions have been deploying the company\u2019s voice biometric technology to verify user identities. \u00a0 <\/p>\n<p> \u201cThis is more secure than a password,\u201d Beranek said. \u201cWe\u2019ve had our customers report a significant reduction in fraud over PIN and password security solutions.\u201d <\/p>\n<p> The technology was first deployed in a customer call center back in 2001. Since then, it\u2019s also been used in finance-related mobile apps and to secure PCs at a handful of organizations, Beranek said. <\/p>\n<p> Every human voice is unique, he added. Factors like a person\u2019s larynx, the shape of the nasal cavity, and whether the subject is missing a tooth, will all determine the way someone sounds. People can also speak in a more monotone or lively manner, or space out their words in varying rhythms. <\/p>\n<p> Nuance\u2019s technology has been built to analyze these differences to accurately determine who is who, Beranek said. It\u2019s been refined to the point it can weed out voice impersonators, digital recordings and synthetic voices that try to dupe its system. <\/p>\n<p> \u201cIn most cases, we can differentiate consistently between identical twins,\u201d Beranek also said. <\/p>\n<p> Nuance Communications is using its voice biometric technology to help companies go passwordless. <\/p>\n<p> Replacing passwords is one thing, but what if your security system could also detect and kick out intruders who managed to break in? <\/p>\n<p> SecureAuth is another company that\u2019s been working on this very technology. It\u2019s offering a system for companies to go \u201cpasswordless,\u201d which can also spot any unusual activity on a user account. <\/p>\n<p> The approach leverages an existing device many people have: Smartphones built with fingerprint readers, said Keith Graham, CTO of SecureAuth. <\/p>\n<p> Essentially the hardware is replacing the password. When logging on to a system, the user will receive a notification sent to their phone that can only be unlocked through a fingerprint scan. Clicking on the notification will then grant access to the system. <\/p>\n<p> However, SecureAuth\u2019s authentication process is also on the lookout for unusual behavior from the user even after logon. For instance, it\u2019ll examine inconsistencies with the person\u2019s keystrokes, mouse movements, where the user logged in from, at what time, along with the configuration settings on the device. <\/p>\n<p> In that way, SecureAuth can assess whether someone accessing the system is possibly a hacker or not. \u00a0 <\/p>\n<p> \u201cIt doesn\u2019t only matter how big a lock you have on the door,\u201d Graham said. \u201cIt\u2019s about how quickly you can respond to remove the attacker from the environment.\u201d <\/p>\n<p> In the future, authentication systems may very well act more like \u201cfraud detectors,\u201d said David Mahdi, an analyst with research firm Gartner. Tech companies are aggregating so much data about their users, they\u2019ll be able to notice suspicious activity from normal behavior, and boot out suspected bad guys. <\/p>\n<p> \u201cThe more data points you can look at, the better,&#8221; he said. <\/p>\n<p> Companies including Google and Microsoft are also developing better authentication systems that rely on other biometrics such as <a href=\"http:\/\/www.pcworld.com\/article\/2937701\/why-most-of-us-will-miss-out-on-windows-hello-windows-10s-facial-recognition-feature.html\" target=\"_blank\">facial recognition<\/a> or even how a <a href=\"http:\/\/www.computerworld.com\/article\/2512706\/mobile-wireless\/how-apple-and-google-will-kill-the-password.html\" target=\"_blank\">person walks<\/a>. So it\u2019s maybe only a matter of time before these technologies become more available and displace the password. <\/p>\n<p> However, one major obstacle is getting the industry behind the <a href=\"http:\/\/www.csoonline.com\/article\/3158106\/security\/passwords-a-long-goodbye.html\" target=\"_blank\">same standards<\/a> on authentication, Mahdi said. Many enterprises are also using legacy systems that they fear will break if upgraded.\u00a0 <\/p>\n<p> &#8220;A lot of laptops have fingerprint readers,&#8221; he said. &#8220;But all the organizations that I talk to aren&#8217;t using them, because the laptops have a specific driver, and I&#8217;ve heard its a nightmare to push out updates to them.&#8221; <\/p>\n<p> It&#8217;s also true that any biometric system, such as fingerprint and voice, might have drawbacks.\u00a0For example, what if your phone runs out of battery, or if you&#8217;re in an extremely loud area? <\/p>\n<p> \u201cThey all have their pros and cons,\u201d said Mahdi. \u201cThere\u2019s not one method to rule them all.&#8221; <\/p>\n<p> Nuance Communications said its own system isn&#8217;t perfect. For instance, its voice biometric technology will have trouble working with people who have laryngitis or other throat-related illnesses. <\/p>\n<p> However, the company says its solutions is an improvement over passwords, which users often forget. Nuance&#8217;s product can also be combined with other technologies for <a href=\"http:\/\/www.computerworld.com\/article\/3040596\/security\/multi-factor-authentication-goes-mainstream.html\">two-factor authentication<\/a>. <\/p>\n<p> &#8220;You could have two separate biometrics,&#8221; Beranek said. &#8220;It could be fingerprint.&#8221; <\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3161788\/security\/password-free-security-uses-voice-user-behavior-to-verify-identity.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt3.staticworld.net\/images\/article\/2017\/01\/product-in-use-100705861-large.3x2.jpeg\"\/><\/p>\n<article>\n<section class=\"page\">\n<p> Tired of conventional passwords? So is Nuance Communications, a tech firm that is promoting the human voice as a way to secure user accounts.<\/p>\n<p> The company\u2019s voice biometric product is among the technologies that promise to replace traditional &#8212; and often vulnerable &#8212; password authentication systems, which can be easy to hack. That isn\u2019t the case with Nuance\u2019s solution, the company claims. \u00a0\u00a0<\/p>\n<p> \u201cTo determine if it\u2019s you or not, we are looking at over 100 different characteristics of your voice,\u201d said Brett Beranek, Nuance\u2019s director of product strategy.<\/p>\n<aside class=\"fakesidebar\"> <strong>[ Further reading: <a href=\"http:\/\/www.computerworld.com\/article\/3040596\/security\/multi-factor-authentication-goes-mainstream.html\" target=\"_blank\">Multifactor authentication goes mainstream<\/a> ]<\/strong> <\/aside>\n<h3><strong>The problem with passwords<\/strong><\/h3>\n<p> The need to move beyond passwords hasn\u2019t been more urgent, given that hackers are routinely finding ways to steal them. Last year, <a href=\"http:\/\/www.computerworld.com\/article\/3123423\/security\/hackers-got-a-treasure-trove-of-data-from-the-yahoo-breach.html\" target=\"_blank\">Yahoo<\/a>, LinkedIn and Dropbox all reported major data breaches involving account details such as email addresses and hashed passwords. \u00a0<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3161788\/security\/password-free-security-uses-voice-user-behavior-to-verify-identity.html#jump\">To read this article in full or to leave a comment, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714],"class_list":["post-6390","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6390","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=6390"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6390\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=6390"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=6390"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=6390"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}