Okta’s AI-Powered Voice Scanner

Photo by Connor Lin/The Daily Upside

Sign up to uncover the latest in emerging technology.

Okta is looking at a new way to get rid of passwords. 

The identity management company wants to patent a multi-factor authentication system that uses AI to analyze a person’s voice and verify their identity. Okta’s system would “allow voice to be one credential type” among several in a multi-factor authentication system – meaning users likely would need to also input some other kind of password to identify themselves. 

Okta’s system uses a neural network voice model to identify a user based on a “small number of sample utterances” spoken. It also can work independent of text, meaning it’s less susceptible to relay attacks from multiple devices. 

The system can also recognize the same voice even if the user is speaking different phrases or using different tones. According to the patent, Okta does this by training the model to create embedding vectors that capture unique facets of the user’s voice, including pitch, pronunciation or acoustics. 

Photo via the U.S. Patent and Trademark Office.

More companies including Meta and PayPal are trying to popularize verifying users’ human-ness with a “voiceprint,” using a voice’s unique sound, pitch and cadence as an identifier. 

Ari Weil, VP of marketing at cybersecurity firm Cyera, explained why biometric authentication methods are becoming more common: They’re easier to use than a password, which leads to a better user experience, and they’re more trusted by organizations when it comes to fighting fraud. 

This last part is especially crucial, as AI deepfakes become more popular and realistic. 

AI voices are already so convincing that most humans can’t tell the difference. A recent study out of University College London found that people only correctly identified deepfaked voices 73% of the time. “As the use of machine learning and AI advances… The ability to create and train models using biometrics is becoming an important way to identify that individuals are who they claim to be,” Weil said. 

Okta noted the model would account for these fraud attempts. While onboarding a user, the model will store their speech audio data in an embedded vector, then always compare future audio to that data to compute “a degree of similarity” between them. 

But biometrics’ uniqueness could also be its downfall. Aubrey Turner, executive advisor for Ping Identity, said that while biometrics can be “harder to steal and reuse, unlike passwords,” if the data is stolen, “you can’t really just infinitely swap them out like passwords.”

AI can be both “a gift and a curse” when it comes to biometric security systems like Okta’s, Turner cautioned. Just as AI is being implemented to improve security, “it is also already being used to scale and build more sophisticated phishing attacks, malware and deep fakes.” And in Okta’s case, after two breaches last year, it’s possible some customers’ compromised data could later be used for deepfakes. 

Have any comments, tips or suggestions? Drop us a line! Email at admin@patentdrop.xyz or shoot us a DM on Twitter @patentdrop. If you want to get Patent Drop in your inbox, click here to subscribe.