The voice biometrics offering verifies the user's voice: When a user logs in, he receives a voice call that prompts him to say his passphrase, which confirms his identity based on his "voiceprint." A voiceprint is set up once and then used in subsequent authentication sessions.
"This is for the most security-conscious [organizations] that have the most to lose," says Steve Dispensa, CTO at PhoneFactor. "Something you know, something you have, and something you are are all collected for authentication."
Dispensa says voice biometrics is aimed at financial services, government, and B2C environments that need an extra layer of user authentication due to their sensitive operations. PhoneFactor's service doesn't require a biometrics reader. It works with the user's phone system.
PhoneFactor says the out-of-band voice authentication call protects against man-in-the-middle attacks and keystroke loggers. The voice biometric service costs $15 to $30 per user for an organization with 5,000 to 10,000 users.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.