Things are getting chatty – everywhere.
In Mary Meeker’s recent annual report on the State of the Internet, she dedicated a chunk of it to the liftoff of the voice interface. The voice UI makes human interaction with computers possible through speech. Think Alexa and Amazon Echo. While voice UI has been around for decades, over the years the accuracy of this technology continues to raise its profile. In 1970, machines could recognize words with just 10 percent accuracy. In 2010, it grew to 70 percent accuracy. In 2016, it jumped to 90 percent.
As its accuracy grows, it will naturally progress to a means of authentication in the enterprise. However, the enterprise should be concerned about the security implications of tomorrow and what managing voice authentication, in the daily work environment, will mean.
For instance, today 95 percent of companies and their employees use a typed password for their emails and devices such as their phone or laptop. A company manages these credentials and if there is a lost device or the employee leaves the company, IT can easily reset the password and reassign authentication.
In five years though, password usage is expected to diminish for the unique marker of using an individual’s voice for secure access. Plus, the added convenience relieves people of having to continuously remember and regularly change their passwords. IT may get a reprieve from employee emails saying “I forgot my password.”
However, organizations will have to think about how to protect their devices using voice. How will voice authentication be added, changed, or shared? What will that look like organization-wide? This emergence of the voice UI is bound to shake up how the enterprise approaches the protection of their content and overall security strategy.
Right now, companies like Google, Apple and Microsoft are honing in on voice UI innovation, and while this smart technology is bound for further usage, organizations don’t want to let it get too far ahead of them.
IT-leaders and decision-makers considering voice as the new password, should also see they are not ready. If you are going to adopt, think slow adoption, so if there are speed bumps along the way to implementing new security operations they can be tested, re-tested and contained if necessary.
Slow adoption is how enterprises dealt with the consumer adoption of the iPhone. For a period of time, organizations did not want their employees to access work email on their personal devices. Consumers were stuck carrying two phones, Blackberry for work and iPhone for personal use. As consumers rush to adopt voice authentication, this means IT departments will be forced to handle these security issues whether they want to or not.
Once the iPhone became a mobile mainstay, straddling both business and consumer activity, mobile app companies were not far behind to advance their security measures. Twitter, which is accessed via mobile by more than 70 percent of its hundreds of millions of users chose to implement two-factor authentication.
Two-factor authentication adds a second level of verification to an account log-in. The additional credential can be an additional piece of information known by the user such as a phone number or owned by the user like a biometric. The added layer of security can trump the action of a hacker selling your information to leverage for their own nefarious means in other attacks or worse, exploit your personal information.
If it seems like a hassle, it can be. Plus, there is a dilemma with hackers that pretend to be users and request to recover sign-in credentials – it’s a bit too easy.
Despite its flaws, two-factor authentication is here to stay and it is part of the larger movement of maturing multi-factor authentication. For instance, biometrics are one way to solve the credential recovery issue. If your fingerprint or voice is required to get back into a locked phone or forgotten account, it is unique to you and you no longer need to search for forgotten passwords or old phone numbers. Your unique biometrics, like your voice, makes recovery access much easier.
No matter how good passwords are, how good the voice tech is, it’s always better to have a second factor of authentication. It may not stop every attacker, but creating more than one layer of authentication certainly creates a roadblock for many of them.
Remember, fraudsters are always looking for the next easy target. The voice UI’s appeal of unique authentication, is also another avenue for criminals to explore and exploit. And when, not if, but when they figure out how to hack it – you do not want to be the company that did not listen to the warnings to safeguard your business.