Three-factor authentication using voice biometrics

PhoneFactor announced biometric verification for its phone-based authentication platform. By leveraging an existing voice channel, the new offering simultaneously verifies something you have, your telephone, and something you are, your voiceprint, for the second and third factors of authentication.

With IT security threats at an all-time high, utilizing three separate factors to authenticate user access is more than a best practice. For many organizations, it is a necessity. However, in most cases a biometric reader, such as a fingerprint scanner, must be installed on each end user’s system. The cost and IT resources required to purchase and deploy biometric readers created an often insurmountable challenge.

With PhoneFactor’s new offering, no biometric readers are required. The user’s voiceprint is simply verified during the PhoneFactor authentication call.

Simple for end users and IT administrators

Users simply receive a call when logging in. They answer and speak their passphase to complete the login. That’s it. For IT administrator, the process of enrolling users is equally simple. Voice authentication services can be enabled for all or just specific users. Once enabled, users can enroll through the PhoneFactor User Portal or during their first authentication call. To complete the enrollment, users just record a passphrase.

Biometric verification

Like a fingerprint, each individual’s voice is unique and has characteristics, such as pitch and rhythm, which can be mapped and used to verify identity. PhoneFactor’s voice mapping model uses multiple voiceprint algorithms to ensure that authorized users can be verified regardless of environmental factors, like excess noise or minor voice variations, while keeping unauthorized users from being authenticated. The authentication call is out-of-band offering protection from man-in-the-middle attacks and keystroke loggers.