Augmented Authentication — the new era of authentication
Traditional and augmented ways of authentication.
In this topic, you’d learn the standard ways and augmented ways of authentication. Yes, you read it right. Augmented ways of authentication will be the future of the application security world. Want to know how? Scroll down to know more.
Ways of Authentication
A. Traditional Authentication
The traditional approach is nothing but that we have been following for ages. Want to guess what it will be?
Yes, you guessed it right. By using mere “username/email” and “password”. Only two fields that we tend to set as our distinctive identity. Sometimes on top of it, we also use “Verify security questions” and set some answers to it that will be only known to us. Most of the time, this extra layer of security questions is used in banking or similar applications. Entering a password plus a one-time password (OTP), or a password plus the answer to a security question. Such a kind of set of combinations is called Multi-Factor Authentication.
No doubt this traditional way is a secure one, easy to a few of us and troublesome to many of us. Easy for those who have a good memory or the ones that are born with a sharp memory indeed! However, difficult for many of us who use the “remember me” option to save the credentials to the browser in order to get our hands off this challenging memory game. Isn’t it? Truth be said, no one wants to spend extra time every day dealing with many obstacles to logging on and accessing resources.
But given a choice, won’t it be amazing where you won’t need to save your password to the browser or trouble your mind to remember it all the time? Puzzled!? Is that even possible??
Yes it’s possible! With Augmented Authentication the future of multi-factor authentication: AI, ML and more.
B. Augmented Authentication
We know that multi-factor authentication is continually evolving. Providing us with both security and less inconvenience for end users. In our daily life, we use biometrics which is a good example of this idea. Here authentication becomes more secure as nobody can abduct our unique face or fingerprint. So users need not have to put any extra effort to remember anything like a password anymore.
Thinking about that, what comes to my mind first is Passwordless authentication. Rather than typing a password as the main method of verifying identity and supplementing it with other non-password methods. Passwordless authentication knocks out passwords as a form of authentication. Interesting, right? Below are a few ways we can achieve that.
1. Face Recognition:
Isn’t it exciting to use our face as our application password? What will be a more unique identity than our face, right? We have been using face recognition in mobile applications already. But now that is even possible in browsers. Now with face-api.js we can implement a face recognition system on the browser.
What is face-api.js ?
Face-api is the javascript library created by Vincent Mühler., to detect faces via browser. It is built on the top of tensorflow.js core. It implements various CNNs (Convolutional Neural Networks) such as face detection, face recognition, face landmark detection, age and gender detection. It is compatible with both web and mobile devices.
2. Voice Recognition:
Voice has exclusive characteristics that can be associated with an individual. Along with a face recognition system, speech recognition can be an efficient security layer for the applications. The Azure Cognitive Service is one of the good platforms for that purpose of which Speaker Recognition service can be used to verify and identify speakers by their individual voice aspects.
Speaker Verification:
Azure provides two ways to recognize a speaker: Text-Dependent and Text-Independent speaker verification.
What is Text-Dependent speaker verification?
In Text-Dependent verification, speakers have to choose the same passphrase to use during both enrollment and verification phases. There is a set of predefined phrases in the speaker recognition service. Either of which a speaker can use in the speaker enrollment process by recording the voice by saying a passphrase.
The Speaker Verification API excerpt the voice features from the recorded audio to create a distinct voice signature. In all, the voice signature and passphrase will be used to verify the speaker. The service also takes the ID associated with the speaker as an input parameter along with the input speech recording.
We can also create our own passphrase. Send separate requests to the text-independent speaker verification API and speech-to-text API. Then by combining the respective result, we can determine the speaker’s identity.
What is Text-Independent speaker verification?
In the Text-Independent type of speaker identification and verification method, the speaker is not bound on what to speak.
In the enrollment phase, the voice features are extracted from the speaker’s audio to create a unique voice signature. In the verification phase, the speaker can speak randomly(not bound to any passphrase). The speech recording and the ID associated with the speaker are sent to the speaker verification API on which the voice features are compared against the voice signature in the enrollment profile of the corresponding speaker.
In both scenarios, the service either returns “Accept” or “Reject” based on the voice similarity score. If the voice similarity score is greater or equal to 0.5, the API returns “Accept” i.e. RecognizedSpeaker. Whereas if the voice similarity score is less than 0.5, the API returns “Reject” i.e. the speaker is a NoMatch.
To know more in-depth, stay tuned for the upcoming articles. I hope you find this article interesting. Please don’t forget to add your thoughts or feedbacks in the comments below.
