Is the age of the password dead?
Sometimes TV ads just make you want to flick channels but on occasion an advert comes along that really makes you think. A recent one that struck a chord with me is for Barclays Wealth and features a young woman on the phone being asked the usual kind of security questions before she can access her account.
She is asked for her most memorable day and instantly pictures herself in a pink dress with a birthday cake, prompting the bank customer service agent to tell her she is incorrect, it’s not her birthday. She gets a second chance to remember and this time we see her picturing herself in her wedding dress, thankfully that was the right answer.
We’ve all been in her shoes, struggling to recall the name of our first pet - did we use the name of the goldfish we had for a week or our first puppy? Maybe you used your own child’s name but you can’t remember which child it was - a common mistake as consumers are rarely very inventive when it comes to memorable passwords.
The worst passwords of the year are ranked every year by Splashdata and the top ones are perennially ‘password’ or ‘123456’. Also, according to an Experian survey, consumers have an average of 26 separate online log-ins but just five different passwords.
However, back to the ad: we see the same woman calling her bank again and this time there’s no need for her to rack her brain for her security answers, she simply has a brief normal chat and before she can even tell the agent who she is, the agent greets her warmly by name.
The technology which enabled this painless process is voice biometrics and Barclays Wealth is the first financial services organisation in the UK to use it to authenticate customers. Since its introduction, Barclays says that 84% of its customers have signed up for the system with 95% having been successfully verified in successive calls. It’s not clear the reason that 5% were not able to be verified but in those cases the bank simply reverts to traditional forms of authentication.
One of the most high profile examples of voice recognition technology is Apple’s Siri voice assistant. It is relatively early days for this technology and there are a number of comical YouTube videos showing bizarre Siri responses, whether they result from human error, programmer mischief or technology glitches is not clear. However, the technology’s adoption by a major UK bank begs the question of whether voice biometrics might soon be deployed on a much larger scale, replacing the need for PINs, passwords or tokens.
Paypal Chief Security Officer Michael Barrett certainly thinks passwords are on the way out because too often personal information is compromised with people using the same passwords across multiple accounts, which, he argues, means the level of security on all accounts is only as good as the least secure place they visit on the internet.
Of course voice is not the only game in town, there is sophisticated technology which scans the iris, or fingerprints and some, including Paypal’s Barrett, believe Apple may introduce fingerprint recognition technology when it launches iPhone 6.
At this stage, the jury remains out on which technology will dominate and undoubtedly consumer preference will be an important determinant. A recent study by Ponemon Institute compared preferences in Germany, United States and the UK and found some cultural divergence. The order of preference among UK consumers was first of all voice recognition, followed by facial scan, fingerprint, hand geometry and then eye scan.
It may take several years for rival technology battles to play out, or potentially adoption by a big consumer brand like Apple may provide a springboard for one over the others.
For now, the idea of a warm human voice greeting me by name within a couple of minutes of picking up the phone seems rather appealing and a particularly neat example of a happy union between technology and humanity.