Passwords have never become easier have they?
Even more recently things like password managers have aimed to try and make it easier AND more secure.
Like with most things though, it might be too good to be true after all, and password managers have now run into a huge slew of recent intrusions.
(source:https://www.tomsguide.com/uk/news/password-manager-hacks)
It seems like passwords are getting increasingly difficult to enter while at the same time getting easier for people to attack and exploit.
Fingerprints as passwords some say are the future, yet, even these are not perfect by any means.
In fact, there are very valid arguments proving fingerprint verification is likely the least safe of all password alternatives out there.
(source: https://lifehacker.com/are-fingerprint-scanners-really-more-secure-1385306776)
What the f%&$ else is there then?
Verbal Passwords
Verbal passwords are not a new thing at all and many places have (and probably should) traditional means of a verbal password to protect people.
In the traditional sense of a verbal password, a caller would phone a live agent who then enters or visually confirms the verbal password set.
If you are unable to confirm the call is kindly disconnected!
The only problem with the traditional sense of verbal passwords is that the live agent answering the phone could easily confirm the password for anyone calling in posing as the real owner.
This is all due to human error! The phone agent could easily and mistakenly confirm either out of frustration or pure lack of training.
Whatever the case may be, it is not very secure to let your security lie in the cards of whoever happens to answer the phone that day.
Verbal Passwords may have been long forgotten, but with more technology working in tandem with each other to confirm identity.
A new age for verbal passwords could soon be here!
And we have already seen many places start to use such a thing.
(source: https://bitcoinira.com/how-it-works)
A new form of verbal passwords used a mixture of the traditional sense of verbal passwords and enhances them with blockchain!
The same technology used to identity songs or sounds is now currently being implemented into identification verification systems.
Telecommunications systems are slowly but surely looking into and adopting these measures.
It allows places like banks to confirm an account holder's identity simply by making them speak!
Users would eventually get to a point where they say a Verbal Password that is sent back to the bank to see if it matches their records.
Which is great!
The only issue with this is, it would have to work very well for it to actually work.
Not to be a party pooper neither, but even though this could potentially remove a lot of the human error aspect of this layer of security.
Doesn't it also pave an easier way for skilled engineers to recreate or replicate someone's voice to match what is on file?
Or does it truly make it more difficult because someone has to both mimic a voice, and an understandable passphrase?
That's where we are at today!
That latter is being discussed and all ideas are up in the air at this time but places currently trying to publicly use them will definitely find out eventually.
I am both skeptical and hopeful for Verbal Passwords to become a normal thing.
For me, I believe all it would take is for someone to overhear or snoop into my conversation when having to make such a phone call or voice verification.
Then again, maybe there is something else that I am missing that makes this the best solution of them all.
For example, a highly-skilled, and highly secure system not only recognizes callers by their phone number and voice, but they also recognize the caller based on many other important key factors that must be there in order for someone to proceed.
First, your phone number, nextly your voice, your name, your location, your device, your overall digital footprint, and lastly your passphrase.
This sounds complicated but for a user, it is actually a lot more simple!
All of the hard work is being done under the hood on a company's blockchain-like security log-in system.
It is a lot more difficult for a cyber attack to take place with all of these verification methods enforced.
But!
Only as long as all of them are enforced all the time no matter what. Which is another level of difficulty with this issue...
However, I do believe it might be worth exploring especially with the rise in A.I in our midst.
For someone to commit fraud under these conditions, they would need a whole slop of information about the person, they would have to have found out the passphrase in some way, and lastly, they would also have to mimic the voice of their victim for the entirety of every single question.
Anytime the A.I. recognizes someone other than the original voice they first heard on the line. A red flag would need to be stamped to the interaction possibly even disconnecting the phone call.
Even crazier, after so many failed attempts an account could be locked out for a period of time.
Whew!
That's pretty stressful...
That really only makes it bad for people trying to pose as their victims, or it also makes it bad if for some reason the AI doesn't recognize you.
If recovering an account becomes an issue, I'm not quite sure that would entail.
That's a pretty far thought to have at this point in time sadly!
For now, however, only time will tell, and I predict we may start seeing this technology a lot more.
I would even go as far to say as it could be one of the first things that really start to drive bank tellers out of branches as they slowly get replaced by Alexa-like ATM's.
Maybe not any time soon, but I can't imagine it not happening eventually.
