Passwords, 2FA code generators, security keys and pin codes are common ways of securing accounts, but they're cumbersome for users and many banks in the USA and Europe are looking to other options such as Voice ID systems to offer frictionless logins.
Even as recently as a few years ago, voice-based ID systems made a lot of sense. However, recent advances in AI combined with the increasing popularity of social media mean it's easier than ever to impersonate someone's voice and gain access to their accounts. With as little as 30 seconds of audio taken from a Twitch stream, YouTube Video or TikTok post, an attacker can clone someone's voice well enough to fool a bank's ID system, or even a person's loved ones.
Currently, real-time exploitation of voice-based logins is rare. Attackers would need the technical know-how to clone a person's voice, access to recordings of that person speaking and enough knowledge of them to know who they bank with and some personal details such as their date of birth. This certainly isn't a high-security bar to jump over, but it's enough to make breaching an account harder than performing a simple username/password brute-forcing attack. As advanced machine learning algorithms become increasingly accessible to the general public, attacks like this will only get easier.
Biometric Security is Still an Option
So, if voice-based logins are no longer safe enough to use as a single authentication factor, what other options do people have? Well, it's still possible to offer biometric-based logins. At Auth Armor, we offer a variety of passwordless login options, including MagicLink email logins, and biometric logins via WebAuthn.
Using these solutions, users can access their accounts via their mobile devices, without having to enter a username or password. Passwordless authentication is easier for end users, and reduces the risk of account breaches, both through client-side attacks such as keylogging and through server data breaches.
Fingerprints and faces are harder to clone than voices. While it's possible to create deepfake videos of a person speaking that may convince the human eye, the sensors used in smartphone cameras to perform Face ID checks are looking at more than just a 'flat image', so they won't be fooled by a camera or a recording of a person.
Taking advantage of these technologies and using WebAuthn for authentication is an effective way of offering simple, frictionless and secure logins to your end users. Auth Armor's APIs are easy to integrate into your existing applications, and you can keep your current login system when you do so, giving users a chance to change their account over to the new system without losing access to your service in the short term.