Slashdot Mirror

← Back to Stories (view on slashdot.org)

Should Brokers Use 'Voice Prints' For Stock Transactions? (cnbc.com)

Posted by EditorDavid on from the voicing-concerns dept.

Fidelity and Charles Schwab now allow traders to use "voice prints" to authorize stock transactions. But there's more to the story, argues long-time Slashdot reader maiden_taiwan: Fidelity Investments is touting its new security feature, MyVoice, which allows a customer to access his/her financial accounts by telephone without a password. "When you call Fidelity, you'll no longer have to enter PINs or passwords because Fidelity MyVoice helps you interact with us securely and more conveniently. Through natural conversation, MyVoice will detect and verify your voiceprint in the first few moments of the call... Fidelity MyVoice performs even if you have a cold, allergies, or a sore throat."

Based on my own experience, Fidelity now enables MyVoice automatically for its customers who call in for other reasons. Apparently, their conversation with Fidelity customer service provides enough data for MyVoice to recognize them. (Customers are informed afterward that MyVoice has been enabled, and they can opt out, although they aren't told that opting out is possible.)
It's not clear whether Fidelity is creating voice profiles of their customers without asking first. (Fidelity's site says only that their representatives will "offer" to enroll you the next time you call.) But the original submission ends with two more questions. "In an era where Apple's face recognition is easily defeated by family members, is voice recognition any more secure?"

And "Is a 'voiceprint' even possible?"

64 comments

  1. Hi, my name is Werner Brandes. My voice is my pass by Joe_Dragon · · Score: 4, Funny

    Hi, my name is Werner Brandes. My voice is my passport. Verify Me.

  2. Bell Canada system is easy to hack by Joe_Dragon · · Score: 1

    https://www.youtube.com/watch?...

    1. Re:Bell Canada system is easy to hack by Anonymous Coward · · Score: 0

      Does Stevie Nicks sound like an 80-year-old chain smoker?

    2. Re:Bell Canada system is easy to hack by Anonymous Coward · · Score: 0
      How to Shove a Yoda Doll up your ass! The 9 Step Greased Up Yoda Doll Shoving process. Go Linux! Tsarkon Reports

      9 steps to greasing your anus for Yoda Doll Insertion!
      v 4.98.0
      $YodaBSD: src/release/doc/en_US.ISO8859-1/yodanotes/9stepprocess.sgml,v 4.98.0 2016/10/30 13:30:20 tsarkon Exp $

      1. Defecate. Preferably after eating senna, ex lax, prunes, cabbage, pickled eggs, and Vietnamese chili garlic sauce. To better enhance the pleasure of this whole process, defecation should be performed in the Return of the Jedi wastebasket for added pleasure.
      2. Wipe ass with witch hazel, which soothes horrific burns. (Rob "CmdrTaco" Malda certifies that his lips, raw like beaten flank steak from nearly continuous analingus with dogs, are greatly soothed by witch hazel which makes it perfect for the anus after diarrhea.)
      3. Prime anus with anal ease. (Now Cherry Flavored for those butthole lick-o-phillic amongst you - very popular with 99% of the Slashdotting public!)
      4. Slather richly a considerable amount of Vaseline and/or other anal lubricants into your rectum at least until the bend and also take your Yoda Doll , Yoda Shampoo bottle or Yoda soap-on-a-rope and liberally apply the lubricants to the Yoda Doll/Yoda Shampoo/Yoda Soap-on-a-rope. You may need your gay squire/lover to help with this since your fat corpulent ass cannot do a self-reach-around.
      5. Put a n1gger do-rag on Yoda's head so the ears don't stick out like daggers!
      6. Make sure to have a mechanism by which to fish Yoda out of your rectum, the soap on the rope is especially useful because the retrieval mechanism is built in.
      7. Pucker and relax your balloon knot. Doing Kegel exercises several times actuating the sphincter muscle and relaxing it will help prepare your ass for what is to come.
      8. Slowly rest yourself onto your Yoda figurine. Be careful, he's probably bigger than the dicks normally being rammed up your ass!
      9. Gyrate gleefully in your computer chair while your fat sexless geek nerd loser fat shit self enjoys the prostate massage you'll be getting. Think about snoodling with the Sarlaac pit. Read Slashdot. Masturbate to anime. Email one of the Slashdot editors hoping they will honor you with a reply. Join several more dating services - this time, you don't select the (desired - speaks English) and (desired - literate). You figure you might get a chance then. Order some fucking crap from Think Geek. Suck and gag on a Dr. Who sonic screwdriver like it was the Doctor's dick in your mouth. Get Linux to boot on a Black and Decker Toaster Oven. Wish you could afford a new computer. Argue that cheap-ass discount bin hardware works 'just as well' as the quality and premium hardware because you can't afford the real stuff. Make claims about how Linux rules. Compile a kernel on your 486SX. Claim to hate Windows but use it for World of Warcraft. Admire Ghyslain's courage in making that wonderful Star Wars movie. Officially convert to the Jedi religion. Talk about how cool Mega Tokyo is. Try and make sure you do your regular 50 story submissions to Slashdot, all of which get rejected because people who aren't fatter than CowboyNeal
    3. Re: Bell Canada system is easy to hack by Anonymous Coward · · Score: 0

      Fckng masterpiece.

      I salute you.

  3. Yes! by olsmeister · · Score: 1

    I can't wait to clean out my identical twin's account.

  4. Not secure at all by Anonymous Coward · · Score: 1, Insightful

    This isn't secure at all. There are at least a couple of problems.

    A recording of a person should be able to fool the system. Given that just about everyone uses their voice, they are leaving information behind that could be used to compromise their account. Given enough voice recordings, you could stitch them together to compromise a person's account.

    Also, even if you don't have the exact recording you want, given enough samples of a person's voice, you can use a computer to make a recording of a person saying anything. This is how Majel Barrett is the computer voice in Star Trek Discovery despite having passed way years ago. People who speak publicly a lot are providing lots of samples that could be used to compromise their accounts. In principle, if you give a talk and upload it to Youtube, you're posting a sample of your voice online that could potentially be used against you.

    This seems even worse than many other biometrics like facial and fingerprint recognition.

    1. Re:Not secure at all by Anonymous Coward · · Score: 0

      I think that as an added measure it's not too bad, but what kind of moron calls in an order these days anyways.

      If you're going to do authentication, you're better off doing it out of band, like over the internet while on the phone, the options for online are so much better. They could have you log into your account and read off a OTP to authenticate. If somebody already has access to your account that way, you're already screwed.

    2. Re:Not secure at all by Lanthanide · · Score: 2

      "This is how Majel Barrett is the computer voice in Star Trek Discovery despite having passed way years ago."

      Er, no.

      Firstly, it doesn't sound anything like her. Secondly, if you actually looked at the IMDB credits page:
      Julianne Grossman ... Discovery Computer
      Tasia Valenza ... Shenzhou Computer

      Making crap up to reinforce your point is a good way for people to ignore your entire argument.

    3. Re:Not secure at all by currently_awake · · Score: 1

      Biometrics is like having a really long password, written on your shirt. But it's so long, nobody could ever guess it!

    4. Re: Not secure at all by Anonymous Coward · · Score: 1

      It sounds like Star Trek Discovery chose not to use Majel Barrett's voice for the computer voice. However, it was reported while the show was under development that they wanted to do so. There are plenty of sources that you can find with a simple search to back this up.

      So, basically I made an error by not verifying that they had gone through with using Majel Barrett's voice. However, your reply was rude and contributes to the lack of civility in these discussions. I'll admit that I was wrong, but it was an honest mistake. Your tone was uncalled for.

    5. Re: Not secure at all by Anonymous Coward · · Score: 0

      You, rude sir, got my dander up, you scoundrel you!

    6. Re:Not secure at all by Anonymous Coward · · Score: 0

      Certain kinds of trades require live interaction with a broker, at least today. For example, if you have a 529 plan to pay for your child's college education, and you want to convert some shares into cash but continue to hold them in the 529 account, there is no web interface for doing so at Fidelity. Likewise, if you want to withdraw shares from a 529 plan (e.g., to pay a tuition bill) but control the proportions of stock & cash that are sold, you need a broker because the proportions are preset and uneditable via the web. I don't know why these operations are not permitted via web, but 529 plans have all sorts of federal regulations concerning how the funds may be used, so perhaps there's a reason.

      Tip: Before you call someone a moron, consider doing a little research.

  5. "Willard White speaking" by fustakrakich · · Score: 1

    Oh goodie! This should be easy!

    --
    “He’s not deformed, he’s just drunk!”
  6. Voice prints seem kind of doable by CustomSolvers2 · · Score: 1

    Recognising random words with random accents and under random conditions is difficult, but a list of specially-selected words said by the same person might allow to relatively easily and accurately recognise someone. I am not sure regarding their claims of everything working fine even when the person has a cold or similar; same thing when dealing with background noise or low quality sound. In any case, it seems a quite problematic format which, unless being deployed for a very good reason and always used under good conditions, should be avoided.

    --
    Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
    1. Re: Voice prints seem kind of doable by Anonymous Coward · · Score: 1

      There's a problem with this. The summary specifically says that this eliminates the use of a password.

      If voice recognition was used along with a password, it's another layer of security. Used in that manner, it couldn't weaken the system, but it could make it stronger.

      In your example, the authentication system would ask you to repeat a particular word or words. That's a problem. All you need to do is get a recording of the person using those words, and the system has already told you what those words are.

      This could be used to harden existing security measures, but it shouldn't replace them.

    2. Re:Voice prints seem kind of doable by CaptainDork · · Score: 1

      Retired electronic technician here.

      Voice patterning calls for clipping the amplitude of the signal and analyzing the frequencies along the baseline.

      Further filtering eliminates the constant, repetitive, background noise.

      It's a sophisticated technique that's been around for many tears.

      When I was in the Navy (US), we listened for submarines using aircraft and sonobouys, eliminating sounds from schools of fish and shrimp, and even our own carrier.

      Regarding TFS, the answer is:

      Brokers should do whatever it takes to run their business, as long as it works.

      --
      It little behooves the best of us to comment on the rest of us.
    3. Re: Voice prints seem kind of doable by CustomSolvers2 · · Score: 1

      The summary specifically says that this eliminates the use of a password

      I would never suggest to implement this system for any serious matter, much less without including a password or further security. All what I said is that it seems technically doable and easier than what it might look.

      All you need to do is get a recording of the person using those words

      But this is pretty much the same than saying that you can type the password of the person. Logically, those words have to be secret. Also not too sure whether a recording could trick a properly-built system. Again, my post was about what I think that is an easy and reasonably accurate approach to face this, not about recommending its implementation.

      This could be used to harden existing security measures, but it shouldn't replace them.

      Fully agree.

      --
      Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
    4. Re:Voice prints seem kind of doable by CustomSolvers2 · · Score: 1

      Further filtering eliminates the constant, repetitive, background noise.

      Background noise/low quality sound is a tremendous problem when dealing with any kind of automated sound recognition. You always try to filter/remove, but can do that mostly in easy scenarios (all what is constant or regular is usually easy) not everywhere. Additionally, the most fine-tuned the recognition, the more relevant become these aspects. In any case, I only said that I wasn't sure about how well a system on these lines could handle these issues (how easy the implementation would be), not categorically stating whether it could (not) deal with them.

      --
      Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
    5. Re:Voice prints seem kind of doable by Anonymous Coward · · Score: 0

      I've had filters like that render my voice nearly completely inaudible on some systems. It's bad enough that neither the computer nor actual live people can hear me because my voice gets filtered out along with the noise.

      It's supper annoying and AFIAK, yelling on the phone has minimal effect on how loudly you sound on the other end.

    6. Re:Voice prints seem kind of doable by CaptainDork · · Score: 1

      Understood and appreciated.

      I was addressing the point about reliability.

      It's a very mature process. I was in the Navy ca. Moby Dick Was A Minnow (1965-1974).

      We analyzed all manner of sound waves (and radio as well).

      For example, we captured the sound signatures of all submarines we could, especially Russian.

      Each vessel had characteristic audio that came from cavitation, reefers, bad bearings, pumps, etc.

      Sound recognition has come a long way since then.

      --
      It little behooves the best of us to comment on the rest of us.
    7. Re:Voice prints seem kind of doable by CustomSolvers2 · · Score: 1

      For example, we captured the sound signatures of all submarines we could, especially Russian.

      These are completely different scenarios. On one hand, you are analysing a set of more or less clearly defined situations (noises made by submarines) under quite favourable conditions (silent sea) and outputting a simplistic conclusion (submarine or not). On the other hand, you have a huge variety of different possibilities (words, accents, pronunciations, voices, etc.) under potentially very negative conditions (bad-quality audio, person not talking clearly or being ill, typical-modern-society random noises, etc.) and outputting the best match out of a huge number of options some of them being very similar to each other (the exact word). Even though the underlying theory might be somehow similar, detecting submarines and accurately recognising speech/words are completely different beasts.

      Sound recognition has come a long way since then.

      There have been lots of improvements there and in many other fronts. All what is related to computers/software is systematically evolving, much faster than anything else. The problem here is that you are over-simplifying the reality by assuming that "sound recognition" is a well defined problem accepting a binary solution (already solved or not). You can take any voice recognition system out there and see it for yourself: there are lots of limitations and even the most advanced approaches are still very far away from doing what a person does.

      Some months ago, I wrote here some posts about the problems I faced while trying to rely on existing voice recognition systems to perform certain development. Even though I knew that voice recognition was very difficult (that's why I looked for an already done piece of software rather than developing this part myself), I was honestly expecting a higher accuracy than what I found. In fact, there was an issue which forced me to stop that development: it was impossible to recognise meaningless words (e.g., "var1") because most of current approaches are dictionary-based (can recognise English words if English is enabled, Spanish words if Spanish is enabled, etc.). In any case, I insist in the fact that my original post was meant to highlight that this specific specific situation of recognising a person based on how certain words are said seems quite easy; way easier than random speech/word recognition.

      --
      Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
    8. Re:Voice prints seem kind of doable by Anonymous Coward · · Score: 0

      Regarding TFS, the answer is:

      Brokers should do whatever it takes to run their business, as long as it works.

      And if it fails to work and your share portfolio is cleaned out, who's liable for the financial consequences?

  7. There is a better choice by bobstreo · · Score: 1

    Blood samples, an ounce or two per transaction should be sufficient.

  8. So a cold might financially ruin me? by Maxo-Texas · · Score: 2

    Oops- I have to make a transaction but I'm hoarse from a cold, or a concert, or a car accident... guess I just go bankrupt.

    --
    She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
    1. Re:So a cold might financially ruin me? by Enigma2175 · · Score: 1

      If car accidents are making you hoarse, you probably need to stop giving so much road head.

      --

      Enigma

    2. Re:So a cold might financially ruin me? by Maxo-Texas · · Score: 1

      Oh I've seen it several times. Car accidents sometimes do "very bad things" to your neck.

      --
      She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
  9. No, by Anonymous Coward · · Score: 0

    as usual.

  10. Yes! by Anonymous Coward · · Score: 0

    Especially for HFT!

  11. Of course it's possible - I recognize hundreds by raymorris · · Score: 2

    Whenever a friend or family member calls me, I can recognize their voice even WITHOUT them telling me who it is. So yes, of course it's possible to recognize voices, especially when the person says their name, so you're only confirming yes / no to a particular identity, not trying to figure out who it is.

    A few things need to be done to make it more secure than it would be without them. The biggest one is a challenge - they should be prompted to say something they wouldn't predict ahead of time, in order to foil recordings. You could probably get a recording of me saying my nams, "Ray Morris" if you knew ahead of time what you needed me to say, but of the system asks random questions like "where do you work?" it would be tough to have a recording prepared for every possible question.

    One should also factor in other indicators such as caller ID and anamoly detection. If the person calls every month and does a $5,000 transaction, the next time they do the same thing is probably legitimate. If they are trying to do something out of the norm, stronger verification is called for. Many weak authenticators combined end up pretty strong, if the weak indicators are reasonably independent.

    1. Re:Of course it's possible - I recognize hundreds by CustomSolvers2 · · Score: 1

      Whenever a friend or family member calls me, I can recognize their voice even WITHOUT them telling me who it is

      But you aren't a computer! Your perception and understanding systems are waaaaaaay better than the ones of any machine. Computers and software are good for (quickly) performing a high number of simple tasks, but not for complicated ones (at least, not practically in the sense of nobody being able/willing to develop all the required algorithms). Recognising the voice of someone under random conditions is a quite complex action. There are many things that are extremely simple for you, but extremely difficult for a computer.

      --
      Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
    2. Re:Of course it's possible - I recognize hundreds by omnichad · · Score: 1

      Hollywood and others already have the tools to recreate a voice without the person present - saying any word. And Caller ID can be spoofed trivially. ANI cannot as easily, but that also probably wouldn't work for brokers in a company using a multi-line phone system.

    3. Re: Of course it's possible - I recognize hundreds by Anonymous Coward · · Score: 0

      But you aren't a computer! Your perception and understanding systems are waaaaaaay better than the ones of any machine. Computers and software are good for (quickly) performing a high number of simple tasks, but not for complicated ones (at least, not practically in the sense of nobody being able/willing to develop all the required algorithms). Recognising the voice of someone under random conditions is a quite complex action. There are many things that are extremely simple for you, but extremely difficult for a computer.

      You are a fucking idiot.

      This kind of analysis is exactly what computers are best at doing.

      Entire countries have been using voice prints for access to government services for years.

    4. Re: Of course it's possible - I recognize hundreds by CustomSolvers2 · · Score: 1

      You are a fucking idiot.

      ?! How could I argue against such a powerful argument?! I don't know... I will continue reading your post to see if I can find any weakness in your perfect-so-far speech. LOL (-> to help you understand that I am joking, because you seem so stupid that might not get that point without some help).

      This kind of analysis is exactly what computers are best at doing.

      Seriously? Can you please explain then why all the speech recognition systems out there output ridiculous interpretations on a more or less regular basis and under virtually any scenario? Can you also explain me why you cannot make almost any of those systems (certainly not the ones I tested) recognise non-valid words? If I say to you "var1" or "functionA" or "asdaf" you would understand it, why these systems cannot? I look forward to reading a new sample of your wisdom helping me understand these issues better. Please, illustrate me, wise one. LOL.

      Entire countries have been using voice prints for access to government services for years.

      I am not sure what is exactly wrong with all the commentators in this thread, but none of you seemed to have read/understood my original comment. I will repeat it once again: the whole point I have been trying to make since the very first moment is that associating a specific set of words with certain person seems reasonably easier, way easier than random speech/word recognition. Even though, this is a quite problematic format: sound is a much more complex input than text and is provided in a much more uncontrolled/problematic/trickable environment than just typing whatever.

      In any case and despite my aforementioned ideas of assuming that this specific implementation is relatively easy, I seriously doubt that these systems have been deployed at a relevant level, much less when talking about high-security, governmental bodies (which are usually late adopters of new technologies mainly of those not providing any noticeable improvement). As second or third level security confirmation under highly controlled conditions? Why not? Governments doing that? Without any publicity ("look how modern we are")? Very unlikely. This is, by definition, a less secure system; it doesn't even add a relevant level of comfortability for users. It is mostly meant to look cool/modern. Basically, what happens in (James Bond) movies. Might perhaps your wise knowledge come from that source, wise AC? Are you bringing to this conversation all what you know from your dreams, someone-told-me-so and the last spy movie you watched? LOL

      --
      Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
  12. Is voiceprint more secure than what? by thegarbz · · Score: 1

    The problem with telephone anything is that you typically have to say your password aloud within earshot of anyone who is listening, into a device that is easily spied on through a network with known flaws.

    It's probably not more secure than FaceID, but that's not the benchmark. The benchmark is a shitty phone password, or god forbid basic details such as your date of birth, your mother's maiden name, and your current address.

  13. Um... by YuppieScum · · Score: 2

    "Is a 'voiceprint' even possible?"

    Yes, given a standardised high-quality microphone in a controlled, acoustically-neutral environment, directly connected to the analysis system.

    However, in the case of audio captured in random-background-noise environments from variable (generally average-to-poor) quality microphones, frequency-constrained and compressed (in the analogue sense) then, in the case of a land-line, pushed down a mile or so of dodgy copper or aluminium before being encoded and compressed (in the digital sense), then punted through a variety of systems before being re-constituted at the receiving end, and then being able to reliably identify one person from another with sufficient accuracy to legally enter into a contract... no.

    I think Rory Bremner (substitue your locally-well-known impressionist) is going to become incredibly wealthy.

    --
    This sig left unintentionally blank.
    1. Re:Um... by Anonymous Coward · · Score: 0

      A Very Large Bank I used to work for implemented a state-of-the-art fully-automated voice recognition password reset system.

      To demonstrate how bad it was, I took a voice recorder, called someone who was away from his desk, and recorded his message. Then called the reset number, entered his network ID via the phone keypad, and played his name back. The system obligingly reset his password for me.

      Gawd, no, this is a spectacularly bad idea, on its own. Single key authentication is pathetic. As is the fallacy of perimeter security.

  14. Doris Day movie shows problem with voiceprints by Anonymous Coward · · Score: 0

    I think it was the 1966 movie "The Glass Bottom Boat" which had a voice-activated safe. A portable tape recorder opened it...

  15. Might be difficult, but certainly possible. Eviden by raymorris · · Score: 1

    > Recognising the voice of someone under random conditions is a quite complex action. There are many things that are extremely simple for you, but extremely difficult for a computer.

    It may or may not be *difficult*, but it's definitely *possible*. If anyone has any evidence that this task is particularly difficult for a computer, much more difficult than it is for a human, I'd love ot see that evidence. Or evidence to the contrary. If voice recognition actually is that hard for modern computers, there is an opportunity there to serve humanity and make a lot of money by leveraging that fact.

  16. Thiiis Isss Warren Buffettt Speaaaking by dryriver · · Score: 1

    I heereby authoriiize the purchasse of 50 Billion Dollarrrs wörth of stöck from theee Amazingleee Reliabble Inveeestment Fünd of Lagosss, Nigeriaaa. Pleaase sendd they möney in unmarkked fifteee Döllarr billls to P.O. Box 65631 att one-theee-five Revolütiön Röad in Lagoss Nigeeeria.

    --
    Why did the chicken cross the road? Because Elon Musk put an AI chip in its head.
  17. "Voice Activated" by Anonymous Coward · · Score: 0

    Apparently people still talk to brokers to initiate stock trades.

  18. Story seems inaccurate to me by stevel · · Score: 1

    I am a Fidelity customer. I received a mailing from Fidelity describing the My Voice feature but it said I had to call in and specifically request that it be enabled. Fidelity is NOT enabling it by default for customers, at least based on what I can see.

    However, this is not entirely a seamless experience. When you call in, you still have to enter your username or SSN using the phone keypad (for a username, you press the digit the letter is on, case doesn't matter, and * for special characters. Without My Voice, you also enter your password this way! Since I have a strong, unique password I ended up creating a note in LastPass with the keys to press.) Then you have to speak to have it detect your voice. I was told I could unenroll at any time.

    I'm not exactly thrilled with voice being the authentication mechanism, but it's better than what they had before. Fidelity, at least, doesn't use 2FA for typical operations; their web site says they may ask for it (a code sent by SMS, I'd guess) for certain transactions, but they've never asked me for this in the past.

    1. Re:Story seems inaccurate to me by stevel · · Score: 1

      Ah, reading too fast. The story seems ok, but my experience doesn't match that of user maiden_taiwan.

    2. Re:Story seems inaccurate to me by maiden_taiwan · · Score: 1

      I am the submitter of this story, and the details are correct. Here is the timeline of events as I experienced them.

      1. I phoned Fidelity. A recording informed me that my rep would discuss MyVoice with me.
      2. I spoke with the rep and conducted my financial business. MyVoice was not mentioned yet.
      3. At the end of the call, the rep said to me, "We've enrolled you in a wonderful new security feature called MyVoice," and proceeded to describe it. She said that Fidelity had sampled my voice during the call to create a voiceprint. (Note that I was NOT asked first.)
      4. I asked, "Can I opt out?" The rep was audibly surprised at my request, and said, "Yes, you can." So I opted out.

      Some time later, I called back to check that my account still requires a password. It does. So the opt-out was successful.

    3. Re:Story seems inaccurate to me by maiden_taiwan · · Score: 1

      Cool, thanks for the follow-up!

    4. Re:Story seems inaccurate to me by stevel · · Score: 1

      I'm not doubting you, just stating that my experience was different. MyVoice was not mentioned at all until I brought it up, though the agent did say he had intended to ask if I wanted it.

    5. Re:Story seems inaccurate to me by Anonymous Coward · · Score: 0

      Well, they enabled it for me without asking for permission. Later when I called in and found out they were using it, I had them disenroll me.

  19. Maybe. Verge is slightly less reliable than Enquir by raymorris · · Score: 1

    The start up mentioned in the Verge story may or may not develop a usable product, but in my experience Verge is slightly less reliable than National Enquirer. For example, the last two network neutrality stories posted here in the last few days have been from Verge, and both have been utterly full of shit.

  20. Usual biometry defect by manu0601 · · Score: 1

    As any biometric system, this uses non revocable public data as authentication credentials.

    Once someone manages to fool the system, there is no password change, the whole system must be replaced.

    1. Re:Usual biometry defect by Anonymous Coward · · Score: 0

      well, they at least got to bully their geeks pointing this out far in advance, and the big bonuses

    2. Re:Usual biometry defect by Anonymous Coward · · Score: 0

      So if this is impossible, how did it used to work?

      You had a personal relationship with a broker. He made a judgement call if the person asking for a transaction was legit. The transaction was followed up with paper and a settlement period. This places a limit on customers per broker which sets a high cost floor, but the relationship caused a rolling set of current events which in effect swapped the credentials over time. There was a small residual risk, but the customer didn't see this.

      Then dialup computers came around and passwords and terms of service with clauses requiring the user to take reasonable precautions with their computer. Still a small residual risk, but it was generally unseen.

      Now call centers and voice recognition eliminated the personal relationship. So there is only the stuff Equfax published, biometrics, and secrets you know and have. Eventually AI will get us back to the relationship solution. In the meantime, reasonable precautions and the provider accepting a residual risk are what we have. Biometrics depend on the secrecy of the unchangeable metric, which is a really low bar. Given the hackability of the phone network, using a text on the cell phone is a similar story.

      That leaves checking statements, passwords, hardware tokens, and personal relationships. Pick 3 and there is relatively small residual risk. The Fidelity plan sounds like Pick 2, degrading to Pick 1 if folks don't watch their statements..

  21. And for those who can't speak? by antdude · · Score: 1

    I assume speech impediments are OK.

    --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  22. My word is gold by Anonymous Coward · · Score: 0

    It has been decreed that claiming innocence is proof enough of it. How is claiming that you are you any different?

    Therefore, there is no need even for a voice print. Just ask them their name and use recognition. Who would lie?

  23. Re:Maybe. Verge is slightly less reliable than Enq by omnichad · · Score: 1

    The source was just the first that came up in a Google search for Lyrebird. There are others.

  24. Completely unreliable by Anonymous Coward · · Score: 0

    So let me understand this. They want to make your voice your password. Over telephone-quality line transmission. With a big fuzz factor for illness etc.

    Hell, anyone with a digital recording device and a few moments to spare with some free audio software is gonna be rich...

  25. Ah, the voiceprint... too much scifi tv watching. by Anonymous Coward · · Score: 0

    Seems a large number of engineers get their ideas of the future by watching Star Trek and they don't realize it was just a TV show with actors and sets and props.

    People thus inspired often forget to think things through because the writers of the show did not show the problems in their hour-long dramas.

    The voiceprint is one of those ideas that seems so great and futuristic, and seems a perfect solution to security in an automated scheme - but there are numerous problems. First, like many such schemes, the ideal form will not be utilized; managers will demand corner cutting to save money and the voices will not be "printed" with sufficient resolution to guarantee total accuracy. Second, these schemes often overlook the basic fact that a random sampling of real "icky" oozy, dirty, imperfect human meatbags are a vital element and these elements get sick, disabled, drunk, etc. Just how do you make a voicepring scheme that's so bulletproof it will never let the wrong person through, while also being so flexible it can handle any correct person with any of a nearly unlimited number of conditions that alter the voice? How about when a valid user is having radiation treatment for throat cancer and her salivary glands are killed off? How about the person who is having bad allergy problems?

    I'm sorry, but a great many new tech product of the past decade or so seem to have been cooked-up by people in their mid-twenties whove never known a sick or handicapped person, and who live in big cities with mass transit and ubiquitous high-speed internet access. Such morons have no real-worl life experience and are too-often caught flat-footed when encountering an ordinary person. I am reminded of the young Obamacare person who was reported several years ago telling an older farmer in the midwest how to sign-up and as part of the instructions asked for the farmer's e-mail address, only to be baffled by the response of "what's 'e-mail'?"

  26. Re:Might be difficult, but certainly possible. Evi by CustomSolvers2 · · Score: 1

    It may or may not be *difficult*, but it's definitely *possible*

    I never said that it was impossible. In fact, the whole point of my original post was highlighting that it was easier than it might look like. Current voice recognition software (just recognising each word as a person would do) has lots of limitations; on the other hand, developing an acceptably reliable approach determining whether certain words were said by a given person or not doesn't look too difficult.

    --
    Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
  27. I want a hardware token by blindseer · · Score: 1

    These attempts at using a fingerprint, voiceprint, or "faceprint", always seem to be broken. It has to account for both natural variation but not too much or it's easily broken. I'd like to see more use of those random number generator tokens for verification. They are highly secure and seem pretty simple to use.

    If reading a number from a tiny screen is too hard then have the token beep out the touch tones with a button press, or put in a USB interface to type it in for the user. If the device used for the transaction has a camera then put the key in view and let the device read the numbers for the user. I know these things can get lost but then so can a lot of things, keep them small so people can put them in a wallet or on a keyring. People lose wallets and keys too but they also tend to keep these things with them and notice quickly when they are missing.

    I suspect that hardware tokens are difficult to manage and therefore have a high cost. This cost is most likely what keeps companies from using them more often. At some point the desire for security and the cost of implementation will meet at a point where hardware tokens become attractive. Right?

    --
    I am armed because I am free. I am free because I am armed.
  28. Computer.. by steveb3210 · · Score: 1

    "Computer, begin auto-destruct sequence, authorization Picard 4-7 Alpha Tango."
    "Computer, Commander Beverly Crusher. Confirm auto-destruct sequence, authorization Crusher 2-2 Beta Charlie."
    "Computer, Lieutenant Commander Worf. Confirm auto-destruct sequence, authorization Worf 3-7 Gamma Echo."

  29. Re:Hi, my name is Werner Brandes. My voice is my p by Anonymous Coward · · Score: 0
    You choose to quote from that movie and yet ignore its best quote?

    I'll join you as soon as I'm through pounding these breasts.

  30. Useless by pauljlucas · · Score: 1

    There is nothing more useless than a lock with a voiceprint. -- Fourth Doctor, The Invasion of Time.

    --
    If you reply, do so only to what I explicitly wrote. If I didn't write it, don't assume or infer it.