[Discuss] Fidelity voice-recognition security?

[richard.pieri at gmail.com (Richard Pieri)]

On 11/22/2017 1:44 PM, Robert Krawitz wrote:
> And voices do change, both short and long term.  What happens with
> voice ID when you have a respiratory infection, blocked sinuses, what
> have you?

Which is why any voice authentication system needs some leeway in
matching attempts with the baseline. And of course it needs to adapt to
individuals' vocal changes over time.

Voices can be recorded but this isn't necessarily good enough. Then
again, POTS is restricted to 300Hz to 3kHz, and any system intended to
operate in this range is going to have problems. But this isn't a
problem intrinsic to voice authentication in principle; it's a flaw in
these specific instances. Then again, again, the number of potential
users limited by POTS restrictions is dwindling. Do you use any kind of
voice over digital network like LTE or digital cable or FTTP or WiFi
calling? Do you use standalone VoIP or chat applications? If so then
you're getting 50Hz to 7kHz or better which is more than enough to
capture low and high frequency harmonics needed for accurate voice
authentication.

It is possible to detect recordings being played back. For example,
recordings made outside of controlled studio environments contain noise
which won't match ambient noise during playback. Matching noise could be
used to detect attempts to spoof the system. An audio engineer or
forensics expert (I'm neither) could tell you other ways to detect
recordings. Not suggesting that any of them are easy or that any of them
can be done in real time, just that it is possible.

So yeah. Voice authentication can work and it can be substantially more
secure than passwords (I'm giving passwords the benefit of the doubt as
to their security). In principle. Hearing it in practice still,
unfortunately, remains to be heard.

-- 
Rich P.