Huffpost UK Tech uk
The Blog

Featuring fresh takes and real-time analysis from HuffPost's signature lineup of contributors

John West Headshot

ID Verification: Time to Pass on the Baton

Posted: Updated:

As more and more of our lives move online, there are an increasing number of ways in which our digital identities can be compromised and our finances attacked. The National Audit Office this month cited poor security awareness amongst consumers as a significant contributor to the threat that cyber-crime poses towards the UK. The recent hacking of Twitter's password database was only the latest in a long line of incidents that have seen customers of big digital brands have their login details exposed to the criminal underworld. If you use the same password across multiple accounts, then a simple hack on a social or retail site could see your online banking credentials in the hands of criminals.

With many of us regularly using a number of online accounts, we're often advised to use a different password for each one but, if we heed that advice, we tend to either write them down, or save them somewhere else online. The flaw in either plan is obvious. Another issue is that many of us use easily guessed terms in the first place. Research from SplashData suggests that the most common password worldwide is 'password', closely followed by '123456'. In reality, however, any word in the English dictionary can be easily guessed using proprietary software and even passwords of the "€3Hn-j$%z" variety can now be cracked by sophisticated criminals in a matter of hours. Basic digital security, such as better forms of ID verification, could prevent many of the thousands of cyber-attacks perpetrated against the public each day.

That's why the majority of financial services companies now insist on a second layer of security to protect their customers' data. Most common is the split password ("please enter the second, fifth and eighth letters of your password"), but this is useless if the password is already in the wrong hands. A password shared across many accounts makes this much more likely to happen. More secure is two-factor authentication - comprising something a user knows (such as their date of birth or address) and something they have (like a code from an external card reader). However, these methods mostly require external hardware, so are not convenient for securing smartphone and tablet apps.

Biometrics has long offered a solution, but the hardware-based options of the past have often been clumsy, space-intensive and difficult to update. They're also tricky to integrate, whether that's the difficulties inherent in making them communicate with the apps that need them, or incorporating them into the sleek design of today's mobile devices. A solution which uses the existing hardware of a smartphone or laptop offers an answer.

A software developer based technology, which can be plugged in to any app for which such security might prove necessary, solves the software integration problem. Although other options are available, voice biometric technology is the only one where a market-ready solution exists. At Nuance, we've been researching and developing this technology for over a decade, and have been installing voice-biometric authentication in call centres since 2006. Previously, it needed a powerful server to make it work; that hasn't changed, but the rapid development of cloud technology means that the server no longer has to be anywhere near the application using it. As part of the development of our cloud-based personal assistant, Nina (which allows developers to superimpose an artificially-intelligent virtual personal assistant onto any app), we included voice biometric recognition. That means that, not only can you control an app with your voice, but only you can do so - it won't respond to any other vocal input.

The USAA Bank in the United States has trialled the technology with a small number of customers; their feedback on the convenience and peace-of-mind it offered them was so good that USAA is now rolling out the technology across its customer base. Nina had its official global launch last week, and is now available in 38 languages. We're speaking to a large number of banks, telcos and utilities around the globe about developing a Nina-based solution for their customers. Soon, we'll be able to make the hacked account, the forgotten password and the emptied bank balance things of the distant past.