Voiceprinting as an identification for wealthy bank clients grew popular more than a decade ago, with customers typically asked to utter a challenge phrase into the phone to access their accounts.
ha, I thought it was just a movie trope
sometimes it feels like banks will use literally anything but recommended practices for multi-factor authentication
I wish. My bank has been trying to get me to do that shit for years when I call in.
“YoUr VoIcE iS yOuR pAsSwOrD” - no, my fucking password is my password, and this voice print shit was an obvious security hole from day 1, which is why I always answered that I didn’t consent to their bullshit.
There’s no way that the phone network has enough fidelity to be able to accurately transmit your voice anyway. People who sound similar to you will be able to get in.
I argued with my old bank for ages about this and they continued to insist enabling it on my account was a great idea.
The film Sneakers showed the world why voice ID was a massive security hole and an all-around crappy idea back in 1992, and some idiots are still insisting it’s a good idea in 2025 when it’s only become astronomically easier to beat than Robert Redford and friends demonstrated.
In my case, I’ve been doing radio, podcasting, and other voice work for a long time and as a result there are hundreds and hundreds of hours of my voice freely available out there. People can cut and paste me saying “my voice is my passport, verify me” or anything else they like together in Audacity, no AI needed, and fool any telephone-based audio security computer on the planet with it. And explaining this in-person to the branch manager of my former bank elicited nothing more than the blankest expression I’d seen since the pet goldfish I had as a kid.
When I was complaining about the 10 pieces of paper, each needing a signature and a stamp, just to close one of my bank accounts, the clerk has informed me that some of their procedures has switched to an electronic signature instead. I was pumped! Until he finished the rest of the sentence. By the electronic signature he meant the squigly line, just on a touchscreen.
Some people strive to achieve the pure zen. At that moment I’ve achieved pure cringe instead.
It’s strange though, because that same bank has an excellent API and batch processing available.
Even ISPs do this where I am. You don’t have to utter anything specifically but if they detect your voice being drastically different from what they have on file, they’ll lock you out before you even talk to a real person. Not sure how I feel about it tbh
ha, I thought it was just a movie trope
sometimes it feels like banks will use literally anything but recommended practices for multi-factor authentication
I wish. My bank has been trying to get me to do that shit for years when I call in.
“YoUr VoIcE iS yOuR pAsSwOrD” - no, my fucking password is my password, and this voice print shit was an obvious security hole from day 1, which is why I always answered that I didn’t consent to their bullshit.
There’s no way that the phone network has enough fidelity to be able to accurately transmit your voice anyway. People who sound similar to you will be able to get in.
Exactly. It always seemed like something that would be broken and used as an excuse that it was my fault they didn’t secure their shit
I argued with my old bank for ages about this and they continued to insist enabling it on my account was a great idea.
The film Sneakers showed the world why voice ID was a massive security hole and an all-around crappy idea back in 1992, and some idiots are still insisting it’s a good idea in 2025 when it’s only become astronomically easier to beat than Robert Redford and friends demonstrated.
In my case, I’ve been doing radio, podcasting, and other voice work for a long time and as a result there are hundreds and hundreds of hours of my voice freely available out there. People can cut and paste me saying “my voice is my passport, verify me” or anything else they like together in Audacity, no AI needed, and fool any telephone-based audio security computer on the planet with it. And explaining this in-person to the branch manager of my former bank elicited nothing more than the blankest expression I’d seen since the pet goldfish I had as a kid.
Nope.
Fuck TD. They enabled this horseshit automatically on my account. Surprise, surprise, it didnt work on my voice, even once.
Supposedly they disabled it three times. Guess what else happened? Someone accessed my damn account, because it was their voice linked to my account.
I’ll never have a TD account again. Absolute jackasses in terms of account security, that isn’t even the only issue I had with them.
TD?
TD Bank, yes.
The Dank
Toronto Dominion Bank
When I was complaining about the 10 pieces of paper, each needing a signature and a stamp, just to close one of my bank accounts, the clerk has informed me that some of their procedures has switched to an electronic signature instead. I was pumped! Until he finished the rest of the sentence. By the electronic signature he meant the squigly line, just on a touchscreen.
Some people strive to achieve the pure zen. At that moment I’ve achieved pure cringe instead.
It’s strange though, because that same bank has an excellent API and batch processing available.
My bank uses that and personal info, and I have to be calling from a registered number.
Spoofing cell phone numbers is so easy a literal toddler can do it.
But can you do it detectably? Because that’s just as easy. This isn’t 95
Even ISPs do this where I am. You don’t have to utter anything specifically but if they detect your voice being drastically different from what they have on file, they’ll lock you out before you even talk to a real person. Not sure how I feel about it tbh
So don’t call them if you’ve got the flu or anything.
what the hell does an ISP want with that, that’s nuts
I guess it’s mostly for their cell services to avoid SIM jacking and stuff. But I agree
I am guessing they were trying to explain how a large number of banks are using the company PinDrop Security and did a really bad job of it.