The PhoneFactor biometric system uses something the user has (a telephone), something they know (a password), and something they are (their voice), to make authentication more reliable, the company says. It argues that voice-based identification is more feasible for many organizations than the current de facto standard for biometrics – fingerprint recognition – because it doesn't require expensive reader hardware to be deployed locally (not to mention the famed Gummi Bear attack).
The PhoneFactor biometric authentication system works by calling users when they log in. They answer the call and speak a passphrase to complete the login. The system analyzes key characteristics from the user's voice, such as pitch and rhythm. The system uses multiple voiceprint algorithms to minimise false negatives from background noise or minor variations in voice, PhoneFactor said.
Users enroll on the system through the PhoneFactor User Portal, or during the first authentication call.
"Because there are no tokens and no biometric readers to buy, deploy, and support, both the initial and ongoing costs for PhoneFactor are materially lower than other multi-factor authentication systems," PhoneFactor said.
PhoneFactor achieved international recognition late last year after discovering a fundamental flaw in the way that SSL worked, which sent implementors scrambling for a fix.