One of the more interesting trends to watch in 2014 will be new technologies for passwords. Without question, the biggest headache in our lives has been the need to track and remember literally hundreds of PINs, passwords or security questions for everything from using a cellphone to buying any good or service online. Some intriguing new tools that could make things substantially easier are not quite ready for the mass market yet, but they’re coming.
At the big CES conference in Las Vegas earlier this month, a company called Hoyos Labs demonstrated Apple or Android mobile apps that would eliminate the need for usernames or passwords to unlock a smartphone. The new product – HoyosID – uses the front facing camera and facial/eye recognition to create a biometric photo profile of a user. If the app can see you and the profile matches, you’re in.
The data is stored only on the mobile device and it’s heavily encrypted. Hoyos claims this automatically makes their product much more secure than fingerprint scanners or other biometric tools that are in the marketplace today. Their product is scheduled for release later this year.
Another company – Bionym – showcased a wristband that verifies a user and grants access based on an unusual and presumably unique identifier: a heartbeat. It’s programmed using a smartphone app and is scheduled for release in the consumer market around mid-year.
But there may well be a “killer app” in this field that is virtually unhackable, yet remarkably easy. It’s available now and is already being quietly used by some of the wealthiest people in the world. The “holy grail” for password simplification could very well be your own voice.
The company who has pioneered much of the voice command technology in use today is Nuance Communications, the Massachusetts-based firm whose vocal applications can be found in more than 5 billion mobile phones and over 70 million cars. The company provided this columnist with a private demonstration of their “voice print” technology (called Nuance VocalPassword) earlier this month at CES.
The demonstration was impressive. A simple spoken phrase such as “my voice is my password” is compared to a voiceprint stored in a system database. Nuance’s password technology can handle any language or accent. Significant noise could be an issue, especially if you’re trying to move money while sitting in the stands at a Seattle Seahawks home football game, but call quality is also factored into the software.
Nuance has invested in technology that can capture approximately 100 characteristics of the human voice. That would be a tall order for even the most ambitious hacker. And there is a built-in alert if someone managed to record you “voicing” a password phrase. Any voice print that sounds exactly like another is an automatic red flag, because it’s pretty hard to recite words exactly the same.
Even if someone managed to break into the files (they are not stored on the device), it wouldn’t do them any good. All they would get are the characteristics of the voice, not the voice or spoken phrase itself.
According to Nuance, VocalPassword has been used so far by their corporate customers to send wire transfers and by banks for their wealthiest clients. It’s understandable that transactions involving significant sums of money would demand something a little more sophisticated than the name of your favorite pet. “Our banking clients have customers who are buying and selling oil wells,” explained Brett Beranek, a Nuance manager.
According to Beranek, one of the institutions using voiceprint passwords today is Barclays Wealth. They began using it in 2012 and have not had one single case of fraud involving a VocalPassword protected account since.
The coming year could finally bring about meaningful change in password use and protection. We’ve been talking about ways to simplify security controls for a long time. Maybe now our devices are ready to listen.