Voice ID Security

(Josh) #1

I’ve noticed the legacy banks pushing Voice ID as a security feature. Personally this raises data protection concerns and I’ll be declining - even though they ask me every single time I call and I can’t opt out of being asked again. This topic is for thoughts on Voice ID security. It is a feature I suggest Monzo should avoid

2 Likes
#2

Just curious - from a data protection point of view do you have the same concerns about Face ID & Fingerprint ID?

1 Like
(Josh) #3

I do with Face ID. I’m happy with my iphone 7 and purposefully haven’t upgraded for that reason. I take a general view of minimising the data I share. Fingerprint ID I use happily

(Keri) #4

I don’t mind voice ID - only because it helps when I occasionally need to contact First Direct (where I have a mostly empty account that I only keep for the linked saver!) Otherwise I am rubbish with passwords.

1 Like
(Josh) #5

I guess I’m happy to utilise one if it makes my life easier - I don’t need to provide all three. Fingerprint makes my life easier than typing in a 6 digit code (stipulated by work) for all use of my phone not just my bank. I think the fingerprint isn’t held by Monzo but rather by apple? I don’t mind having that segregation. What I want to avoid is giving one company all my info. I don’t feel there is any need for my bank to hold my voice pattern on record - no benefit to me as far as I can see over and above other methods. I rarely call anyway so to keep that info for such rare occasions feels too much

1 Like
#6

Really like voice ID here too. Set the HMRC one up as soon as they launched it. Makes ID verification so much faster and given that your call is being recorded and stored anyway you may as well!

1 Like
#7

You’ll be pleased to hear that data gathered from Face ID is stored in exactly the same way as data from Touch ID — in the Secure Enclave on your iPhone.

Perhaps the best thing is that the data doesn’t leave your device. It doesn’t reach Apple’s servers because it doesn’t need to.

And contrary to common belief, Face ID doesn’t work on an image, it works with a complex mathematical equation of the depth and contours of your face, generated with the infrared sensor in the True Depth Camera system.

Privacy and security really shouldn’t be a concern when using iPhone, if you take reasonable steps to secure your personal information.

12 Likes
(Dan Mullen) #8

I agree with everything you said except the last sentence. Regardless of which device you use, your privacy can be breached if you don’t observe good security practices, e.g. iCloud breaches happen quite often, always down to poor password selection.

3 Likes
#9

I agree with you actually — I was struggling to think about how best to phrase it! Alas, I hope the info helps put the OP’s mind at ease :slightly_smiling_face:

1 Like
(Sarcasm is the finest form of wit.) #10

Your fingerprint isn’t held anywhere other than on your device, and it’s not an image of your fingerprint it’s specific identifiers which (if I recall correctly) are then obfuscated into a secure part of the Apple OS. This ‘secure part’ is the one the FBI are frequently asking Apple to ‘open’ and Apple are firmly saying no.

It’s the same with Face ID, it’s a 3-d map of your face which is safer than fingerprint and similarly ‘protected’ by Apple.

(Rob) #11

As has been said I also totally understand not wanting to use voice ID. That means it is stored on a server somewhere.

TouchID and FaceID is stored solely on your device - and not as a fingerprint or photo of your face.

4 Likes
(Sarcasm is the finest form of wit.) #13

Seconded

#14

Do Android phones handle this in the same or similar way?

#15

As far as I know, yes. I believe that the requirements for Android determines that fingerprint data stay on device, much like with iOS :slightly_smiling_face:

The biggest difference will come from the hardware itself, for example, Face ID often far outperforms its competitors in terms of accuracy and security — I’ve seen various tests with Android devices that use images of users to unlock devices.

1 Like
(Jamie 🏳️‍🌈) #17

Your voice is stored on servers for every company you phone though.

That message telling you calls are recorded for quality and training purposes? Where do you think those calls are stored?

2 Likes
(Rob) #18

I didn’t say otherwise. I was making the point to the thread starter that it is much more secure to have Touch/Face ID which is only stored on the device - therefore ‘not wanting your face stored’ is a false argument.

Also there is a difference between call recording and voice ID.

1 Like
(Josh) #19

But it’s not stored for identity purposes there. Just because it’s stored in one capacity with some companies doesn’t mean I want it in other capacities with others. The general principle for me is to minimise data sharing, particularly where it is not needed. I cant choose to opt out of the recording you mention but can choose to opt out here. There’s probably a time limit that they can legitimately hold calls for training purposes. If they had ongoing need for voice ID then that time limit becomes indefinite.

2 Likes
(Jamie 🏳️‍🌈) #21

What’s the difference, in terms of server storage?

(Rob) #22

I have no clue, it wasn’t really what I was getting at.

Like mentioned previously it has to be stored indefinitely whereas call recording does not.

(Dan) #24

For anyone wanting to learn more about Face ID & it not storing a photo of your face:

1 Like