In a bid to ease customer’s telephone service experience, Barclays Bank has plans to introduce voice recognition technology, provided by Nuance Communications. Identifying the parson’s speech patterns, Nuance’s FreeSpeech voice biometrics solution, should sort out the issues arising when people forget their pin numbers or security questions. However, Jason Hart, VP Cloud Solutions at SafeNet and Chris England, Director at Okta say that this should not be the only solution used. SafeNet’s Hart explains:” It’s not surprising that Barclays is making the move away from password-based authentication for its telephone banking. Today we have so many passwords to remember that we choose easy-to-guess passwords, use the same passwords for several accounts, or even write down passwords where they can be easily found. So organisations need to look for alternative ways to authenticate users and bolster security. This means, not relying on basic username and password for customer authentication and adopting a holistic security strategy that offers multiple layers of protection, such as multi-factor authentication and encryption. ” While biometrics can provide a convenient and alternative security mechanism, it should not be used as a single factor authentication solution. This is partly because of the fact that biometrics are not based on secrets. Your voice, your image and your fingerprint are not a secret. You leave them everywhere, and they can be spoofed, with different levels of effort. So it’s important that they are used as part of a multi-factor authentication strategy.” Chris England, Okta Director adds:” The move to abolish passwords will no doubt be welcomed by customers. Today we have so many passwords to remember, all of which have different requirements and expiration cycles. As a result, most of us suffer from ‘password fatigue’ where we use obvious or reused passwords often written down on Post-it notes or saved in Excel files on laptops. ” We’ve reached a point where usernames and passwords alone are no longer good enough. We’ve long had single sign-on technologies to remove the complexity of remembering multiple passwords, but what if someone else gets a hold of that single username and password? Not surprisingly, multi-factor authentication”that requires two or more factors to verify the legitimacy of the user” has taken off and evolved pretty substantially in the past decade, and we’re now seeing authentication methods becoming as personalised and specific to the individual as the experiences they’re trying to access. We’ve already seen a lot of organisations implementing more flexible, adaptive, people-centric authentication methods and expect to see more following in Barclays’ footsteps.”
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.