On 11/22/2017 12:17 PM, Richard Pieri wrote:
On 11/21/2017 11:27 AM, Daniel Barrett wrote:
I declined the feature. Fingerprinting a voice uniquely over a
low-quality telephone line? I can't imagine that's more secure than a
non-obvious password. What does the security crowd here think?
Passwords suck. Voices are unique. In principle, voice identification
can be a good authentication system. In practice, it depends on how many
retries and how much deviation from a given user's baseline the system
permits.
In practice there plenty of things to go wrong. Enormous complexity is
added to do voice authentication. Complexity is the enemy of both
reliability and security. Sure, the trade-off can be worth it, but be
skeptical, the burden of proof needs to be on the proposed complex
system that wants to be layered on top.
But we don't do that, we just shovel in enormous stuff after enormous
stuff we don't understand. That's how RAM and storage capacity has added
so many orders of magnitude for relatively little benefit, the extra is
cruft we don't understand, we just keep shoveling it in.
Indeed, passwords suck*. But just because they suck doesn't mean any
given alternative is necessarily better.
-kb
* Passwords are kinda like democracy:
Many forms of Government have been tried and will be tried in this
world of sin and woe. No one pretends that democracy is perfect or
all-wise. Indeed, it has been said that democracy is the worst form
of government except all those other forms that have been tried from
time to time. - Winston Churchill
Circa 2017 it's /REALLY/ easy to argue that democracy sucks. Doesn't
mean any given alternative is necessarily better.
_______________________________________________
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
