Choosing your passphrase

If you have a speaker verification system (or plan to implement one) and haven’t decided on a passphrase yet, the following may be of interest. You’ve probably seen the advert where the little kid says “my voice is my password” to access his phone. For secure applications, this isn’t necessarily the best idea. Commonly spoken phrases, by their very nature, are easily predicted and susceptible to spoofing attacks by hackers. Similarly, using the same passphrase for all your applications (contact centre solutions, IVR systems, mobile apps etc) is akin to having the same password for everything. Not a good idea. Granted, it’s not quite as bad as having "Password" as your password. The biometric component of speaker verification adds a much-needed degree of added security. Of course, it’s unlikely that your corporate security policy would permit use of the same passphrase by every user, across multiple systems. Ideally, your speaker verification system should be flexible enough to allow users to choose their own passphrase.

What makes a good passphrase?

In a text-dependent system (i.e. one that is reliant on a specific phrase or sequence of words), you should be looking for a unique arrangement of words that takes about 2-3 seconds to utter. We recommend a phrase with a minimum of four syllables; something that is both easy to say, and easy to remember. This is enough to create a viable voiceprint when enrolment involves the analysis of several repeats of the same passphrase. From a security point of view, try to avoid a passphrase that might be easily associated with you as an individual. Social engineering is a popular identity theft tool, so avoid something predictable like your home address. In a text-dependent system, very few phonemes (the distinct, audible sounds that comprise a language) are needed, if you have enough samples. NB: although the English language has 26 letters in its alphabet, it has 44 phonemes. If you are enrolling via repetition, repeating the same sounds within the passphrase is not a bad thing, because we do not always pronounce them in the same way.

Enrolment vs. verification

If you are using a text-dependent passphrase for verification, it makes sense to use the same phrase for enrolment. However, if you are implementing a text-independent system, the ideal enrolment would involve attaining a greater degree of phonemic content (sounds), repeated in many different contexts. In the case of a text-independent system, enrolment data will need to be detailed enough to cover all the sounds expected to be encountered during verification. Recordings with lots of syllables will generally produce more precise models and better verification accuracy. It is rare for one party in a telephone conversation to speak continuously for more than 10 to 20 seconds. So, enrolment recordings should be comprised of multiple, shorter passages; captured throughout the duration of a conversation. Verification is then achieved during extended dialogue between the caller and an agent or through spoken responses to an IVR system, rather than by repeating a specific passphrase. If you are implementing a text-prompted system, where the response will also be recognised using ASR, several examples of each possible prompt will be required for enrolment. If your prompt is to be a random, 4-digit sequence of numbers between 1 and 9, enrolment should consist of repeating each number several times. Counting from one to nine and back again in separate recordings will suffice. Your choice of active or passive enrolment is likely to be determined by what is most practical at the time of enrolment. A passive enrolment, where enough audio is captured during a conversation, may be more natural experience but a less practical one. Multiple repetitions of a four second active passphrase or number sequence is a more artificial, but efficient process. Find out more information on speaker verification and authentication, check out our Look who's talking white paper.


The Aculab blog

News, views and industry insights from Aculab

  • Revolutionising the Landscape of Remote Authentication

    In a time where borders blur and workplaces extend beyond the confines of traditional offices, the significance of remote authentication has taken centre stage. As we advance, so does the need for secure and efficient ways to verify and authenticate our identity remotely. Finding the balance between security and user convenience is key when seeking to implement successful remote authentication.


    Continue reading

  • Choosing The Ideal Communication Platform: Key Considerations to Optimise Your Business

    Communication Platforms as a Service have become a necessity in the current digital age; allowing businesses to obtain frictionless means of communicating effectively. However, as technology rapidly evolves, so must communications. Much of the platforms on offer today are homogenous, so choosing the best fit for your business can be difficult. In this blog, we have shared some key points and trends for to consider, so your business can amplify communications and increase operational efficiency!


    Continue reading

  • 10 questions people are asking about The Big Switch Off

    With The Big Switch Off fast approaching, people naturally have questions and concerns ahead of the shutdown. The transition from conventional networks to digital technology is unavoidable in the fast-evolving world of telecommunications. In this blog, we address ten common questions people have about the Big PSTN Switch Off, shedding light on the topic and providing clarity.


    Continue reading

  • 3 Ways Your Business Can Benefit From a Communications Platform as a Service

    Acquiring a Communications Platform as a Service has become a very common trend for a variety of businesses in recent years. Even with AI and all the technological advancements that have been achieved, the world has come to realise that exceptional customer service is at the core of running and maintaining a successful business. So, we have identified a few ways in which a CPaaS could benefit your business!

    Continue reading

  • The Future of Communications: React Native SDK from Aculab

    Having access to quality, and trust-worthy digital communication platforms is essential in the contemporary business world. That’s why here at Aculab, we have employed the use of React Native – integrated into the WebRTC browser interface, we provide bespoke, human-centered, voice and video communication options

    Continue reading