Security Encyclopedia

Voice Authentication

Voice authentication or voice recognition is a biometric authentication technology that enables users to access online services using speech. Voice characteristics used for authentication have an array of implementations from matching on a mobile device to re/authenticating over the telephone with an enterprise call center, or to the Internet of Things devices. Voice characteristics are often measured using liveness detection with the user prompted to utter a unique phrase for the current transaction, or they can be measured passively and provide a strong additional layer of continuous security.

Some voice authentication solutions are architected in a decentralized model such as FIDO UAF that ensures a consumer or employee voice template is secured on the user’s mobile device. Here, a user’s voice is verified locally against itself, a token is sent to the service provider, and access is granted. The biometric itself is not stored at the service provider (true secret). Others are architected in a legacy centralized scheme where libraries of voice templates are held and matched at the service provider. These schemes are common in criminal justice, border protection, and national security settings (shared secret).



"Our employees were falling victim to phishing attacks, so our security team enforced the use of FIDO U2F Devices. Since we started using FIDO U2F tokens as authenticators, we've seen a significant decrease in phishing attacks."