[Discuss] Fidelity voice-recognition security?

[kentborg at borg.org (Kent Borg)]

On 11/22/2017 12:17 PM, Richard Pieri wrote:
> On 11/21/2017 11:27 AM, Daniel Barrett wrote:
>> I declined the feature. Fingerprinting a voice uniquely over a
>> low-quality telephone line? I can't imagine that's more secure than a
>> non-obvious password. What does the security crowd here think?
> Passwords suck. Voices are unique. In principle, voice identification
> can be a good authentication system. In practice, it depends on how many
> retries and how much deviation from a given user's baseline the system
> permits.

In practice there plenty of things to go wrong. Enormous complexity is 
added to do voice authentication. Complexity is the enemy of both 
reliability and security. Sure, the trade-off can be worth it, but be 
skeptical, the burden of proof needs to be on the proposed complex 
system that wants to be layered on top.

But we don't do that, we just shovel in enormous stuff after enormous 
stuff we don't understand. That's how RAM and storage capacity has added 
so many orders of magnitude for relatively little benefit, the extra is 
cruft we don't understand, we just keep shoveling it in.

Indeed, passwords suck*. But just because they suck doesn't mean any 
given alternative is necessarily better.

-kb


* Passwords are kinda like democracy:

    Many forms of Government have been tried and will be tried in this
    world of sin and woe. No one pretends that democracy is perfect or
    all-wise. Indeed, it has been said that democracy is the worst form
    of government except all those other forms that have been tried from
    time to time.? - Winston Churchill

Circa 2017 it's /REALLY/ easy to argue that democracy sucks. Doesn't 
mean any given alternative is necessarily better.