Because passwords are so passé, we’ve been taking a look at the future of biometric verification, and what it might mean for your smartphone…

With ‘smart gates’ now using facial recognition technology to speed us through passport control and Apple extending its Touch ID feature to the new Macbook Pro, it’s clear that biometric verification is becoming increasingly prevalent in our everyday lives. In fact, from August 2017, we’ll even be introducing the ability to use your voice as your password when you call Vodafone UK.

It’s all part of our digital reinvention, but what does this mean for security? Could it spell the end of the humble password? Join us as we shine a light on how biometrics came to be, with a particular emphasis on voice…

Firstly, what exactly is biometric verification?

The term ‘biometric’ is derived from the Greek word ‘bio’ meaning life and ‘metric’ meaning to measure. In a nutshell, biometric verification involves mapping aspects of your unique physical or behavioural characteristics back to your identity using complex algorithms.

Some of the most well-known biometric identifiers include fingerprints, voice waves, retina and iris patterns. These features are unique to every individual and next to impossible to forge, making them an increasingly popular way to ensure you are who you say you are, and subsequently allow you access to everything from your phone and bank account to your workplace and country.

Voice

You might think voice biometrics is new. And to some extent, it is. The technology that enables voice identification as we know it today first emerged in the late 1990s and has been improving in leaps and bounds ever since. However, it was actually Melville Bell (the father of the man behind the telephone, Alexander Graham Bell) who laid the groundwork that enabled the translation of speech into visual forms way back in 1867.

Some of the first uses of this system occurred during World War II, when American soldiers used spectrograph machines to intercept voice transmissions and analyse enemy movements. However, it wasn’t until 1976 that the US Airforce tested the first voice automation prototype built by Texas Instruments.

Today we’re seeing a proliferation of voice-driven technology – from Amazon’s Alexa to Apple’s Siri. You can already ask Alexa simple questions about Vodafone UK services, and  later this summer we’ll have fresh skill, which will enable you to ask for information about your Vodafone account. Once you’ve followed a simple authentication process, you’ll be able to ask Alexa for billing data, account details and information about extras.

And that’s not all. Your voice comes in handy when you call our contact centre too. Simply tell us in your own words why you’re calling – for example say, “I’d like to upgrade” and our interactive voice response (IVR) system asks a few questions to make sure we’ve got it right and transfers you through to the right team. From August, we’ll be taking this even further with voice biometric identification – so soon you’ll be using your voice as your password.

If you’ve ever forgotten a PIN or a password you’ll know how annoying and time consuming it can be. Some people combat this by using the same password for everything or writing their passwords down. But to be honest, that completely defeats the purpose and it opens you up to fraud. Once our biometric system is in place later this year, you’ll be able to use your voice to tell us not only how we can help, but who you are, as well being able to use your voice as your password when you call our customer service team.

As everyone becomes more and more comfortable speaking aloud to your machines, expect voice recognition technology to improve even further in the months and years to come.

So how does voice identification work?

Your voiceprint is actually one of the most complex biometric identifiers available, as it comprises around 100 or so unique physical and behavioural features.

Current voice identification systems, like the one being implemented at Vodafone UK, take into account your accent, inflection, rhythm, tongue placement, the size and shape of your vocal chords – and even the way you breathe. So, while you may sound a bit like your mum or have a knack for imitation, the chance of replicating every single aspect that makes up someone’s voice ID is (very) slim to none.

When you call us to enrol, for example, you’ll be asked to repeat a simple phrase to create a ‘voiceprint’. This will replace the authentication process from there on in – eliminating the need to remember random security info, while making your account more secure.

Fingerprint

Chances are, if you have a modern smartphone, you’ve used your fingerprint to unlock it, authorise purchases and access all your apps. Apple was the first to introduce fingerprint-unlocking technology with the release of the iPhone 5s with Touch ID in 2013. Similar technology has since been adopted by pretty much every major smartphone manufacturer. It’s become such a key part of the iPhone experience, for instance, that the introduction of iOS 10 removed the classic ‘swipe to unlock’ function to help push people towards using their thumb as the key to their phone.

How it works

Your phone doesn’t store your fingerprint as an image. Instead, it uses an algorithm to convert your fingerprint’s characteristics into a numerical value, which is then encrypted and protected on a part of the chip in your device. On iPhone, Apple calls the it the “Secure Enclave.”

According to Apple, the steel ring surrounding the Home button detects your finger and tells Touch ID to start reading your fingerprint. The sensor uses advanced capacitive touch to take a high-resolution image from small sections of your fingerprint from the sub-epidermal layers of your skin. The phone then intelligently analyses this information – with a remarkable level of detail and precision. It categorises your fingerprint as one of three basic types — arch, loop, or whorl (we fancy ourselves as a whorl). It also maps out individual details in the ridges that are smaller than the human eye can see, and inspects minor variations in ridge direction caused by pores and edge structures. Bet you didn’t know your digits were so complex!

As with contactless payment cards, Touch ID doesn’t replace your passcode entirely but it does add a level of convenience. If your phone’s been powered down or idle for over 48 hours, you will usually need to enter your code to gain access.

Iris scanning

Currently being billed as the next big thing, iris scanning actually made its smartphone debut in 2015 in the Fujitsu Arrows NX F-04G, before turning up again in the ill-fated Samsung Galaxy Note 7 in 2016. It’s a key feature of the Samsung Galaxy S8, and rumours are already swirling around its inclusion in Apple’s iPhone 8. That’s probably because iris scanning is considered one of the most accurate forms of biometric verification – up to 10 times more accurate than fingerprint scanning.

The eyes have it?

For those just getting up to speed, your iris is the coloured ring in your eyeball between your pupil and the white bit (AKA the sclera). The colour of your iris is determined by genetics, while the patterns in your iris ligaments are created at random, and are unique to each eyeball. By the time you’re around two years old, your iris is fully formed, permanent, hard to injure and difficult to forge. The chance of any two irises being identical is one in ‘10 to the power of 78’ – in other words, you would be incredibly lucky.

Similar to fingerprint scans, iris scanning technology doesn’t actually store any images of your irises. Instead it identifies and stores a collection of unique traits (many more than fingerprint scanners) and converts this into an IrisCode. When you cast your gaze upon the iris reader, it matches your code with your identity, and… Voila, you’re in!

But… are they secure?

It would be foolish to believe any technology is 100 per cent secure. However, compared to your password, which, let’s face it, is probably your mother’s birthday, biometrics provides a solid layer of safety without the hassle of remembering random collections of letters and numbers.

In contrast to the patterns on our fingers, our irises and our voiceprints are much more difficult to copy, making these more secure on the whole, even if iris scanning does come at the battery expense of having to fire up your phone’s front facing camera to work. Also, we leave our fingerprints behind on most objects that we touch. And while our fingers can get wet and dirty, affecting the functionality of fingerprint unlocking, iris scanning happens from a distance. The natural act of blinking ensures our eyes are kept nice and clean and ready to scan at all times and most voice recognition systems are clever enough to recognise your voice even when you have a cold.

Biometric identifiers like your fingerprints, retina and voice are incredibly difficult to replicate, ensuring your account remains secure. And, while it’s true that if someone did manage to replicate your biometrics, they would be a lot more difficult to replace than a compromised password, doing so would be a pretty complex and costly undertaking. Any would-be hackers would need to really, really want to read your messages or access your accounts.

So, what’s next for biometrics and security?

One extra biometric security method worth a mention here is Windows Hello, the face-recognising tech that lets you unlock any PC or phone running Microsoft’s latest OS. It takes a 3D photo of your face and its features using infrared cameras, creating an inimitable map of your entire visage. It’s clever stuff, but will it prove more popular and easier than both fingerprint and Iris scanning? Only time will tell.

If one thing’s certain, it’s that innovation in this space is inevitable. Which is great news, because it means our information is only getting safer.

Find out more… About Biometrics, AI, and the future of customer service, with a raft of digital improvements at Vodafone UK.