Okta is looking at a new way to get rid of passwords.
The identity management company wants to patent a multi-factor authentication system that uses AI to analyze a person’s voice and verify their identity. Okta’s system would “allow voice to be one credential type” among several in a multi-factor authentication system – meaning users likely would need to also input some other kind of password to identify themselves.
Read More:– Technology, accessibility, and the benefits of online learning
Okta’s system uses a neural network voice model to identify a user based on a “small number of sample utterances” spoken. It also can work independent of text, meaning it’s less susceptible to relay attacks from multiple devices.
The system can also recognize the same voice even if the user is speaking different phrases or using different tones. According to the patent, Okta does this by training the model to create embedding vectors that capture unique facets of the user’s voice, including pitch, pronunciation or acoustics.
More companies including Meta and PayPal are trying to popularize verifying users’ human-ness with a “voiceprint,” using a voice’s unique sound, pitch and cadence as an identifier.
Ari Weil, VP of marketing at cybersecurity firm Cyera, explained why biometric authentication methods are becoming more common: They’re easier to use than a password, which leads to a better user experience, and they’re more trusted by organizations when it comes to fighting fraud.
Read More:– Google Assistant May Soon Be ‘Supercharged’ With Bard-Like AI
This last part is especially crucial, as AI deepfakes become more popular and realistic.
AI voices are already so convincing that most humans can’t tell the difference. A recent study out of University College London found that people only correctly identified deepfaked voices 73% of the time. “As the use of machine learning and AI advances… The ability to create and train models using biometrics is becoming an important way to identify that individuals are who they claim to be,” Weil said.
Okta noted the model would account for these fraud attempts. While onboarding a user, the model will store their speech audio data in an embedded vector, then always compare future audio to that data to compute “a degree of similarity” between them.
But biometrics’ uniqueness could also be its downfall. Aubrey Turner, executive advisor for Ping Identity, said that while biometrics can be “harder to steal and reuse, unlike passwords,” if the data is stolen, “you can’t really just infinitely swap them out like passwords.”
Read More:– Meta launches AI tool AudioCraft to create music from text
AI can be both “a gift and a curse” when it comes to biometric security systems like Okta’s, Turner cautioned. Just as AI is being implemented to improve security, “it is also already being used to scale and build more sophisticated phishing attacks, malware and deep fakes.” And in Okta’s case, after two breaches last year, it’s possible some customers’ compromised data could later be used for deepfakes.