Implement VOICE passwords on iPhone etc

robfol
Community Member

Inputting complex master passwords on an iPhone is a disaster. Siri speech to text is now so good that voice 'phrase' passwords should work perfectly. Please investigate.

Comments

  • hawkmoth
    Community Member
    edited February 2014

    I think that's an interesting idea, but you'd have to be very careful about where you were and who might overhear when you used such a feature. Offhand, I think I'd prefer the Touch ID authentication that you asked for in another post.

  • Hey @robfol,

    In addition to what @hawkmoth said, also remember that whenever you use Siri or Dictation, what you say is sent to Apple to be processed, and may be stored.

    From the Apple iOS Software License Agreement:

    > 4) Consent to Use of Data.
    >
    > [...]
    >
    > (c) Siri and Dictation.
    >
    > [...]
    >
    > When you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text and to process your requests. Your device will also send Apple other information, such as your name and nickname; the names, nicknames, and relationship with you (e.g., “my dad”) of your address book contacts; and song names in your collection (collectively, your “User Data”).
    >
    > [...]
    >
    > By using Siri or Dictation, you agree and consent to Apple’s and its subsidiaries’ and agents’ transmission, collection, maintenance, processing, and use of this information, including your voice input and User Data, to provide and improve Siri, Dictation, and dictation functionality in other Apple products and services.

    If you speak your Master Password to Siri, or use the Dictation feature, it will be sent to Apple and likely stored on their servers. Your Master Password should never be anywhere but in your head. :)

  • hawkmoth
    Community Member
    edited February 2014

    Good catch, @JasperP! I'd forgotten about the fact that the translation from speech to text is done by Apple on their server. And that they store things there to improve the quality of dictation. That makes dictation or Siri unacceptable to me, at least.

  • jpgoldberg
    1Password Alumni

    You've hit upon a central problem, @robfol. The weakest link in your security is your Master Password, and in many cases the limit on how strong of a Master Password people will use has to do with entering it on an iPhone keyboard. So it is great that you are thinking about ways to improve this situation.

    Your specific proposal isn't going to work well, though. As @hawkmoth correctly pointed out, speaking a password is going to reveal it to anyone within earshot. Siri's voice recognition, as noted, sends the data for outside processing.

    Note that even systems that are designed to identify whether a voice belongs to a particular individual are subject to what are called "replay attacks":

    Here is a clip from the excellent Sneakers that nicely illustrates some of the problems of biometric authentication.

  • hawkmoth
    Community Member
    edited February 2014

    @jpgoldberg, what do you think about using Touch ID for access to 1Password, if Apple were to make it available? I will say that my Diceware password would be stronger by at least one more word if I didn't find opening the app on iOS devices, particularly my iPhone, such a pain.

    Edit: I'm back to report I just read @Megan about this and the linked post by @khad. I guess those pretty much cover it, except for offering more insight into why one wouldn't want to use a fingerprint recognition system for access to a secure database.

  • jpgoldberg
    1Password Alumni

    I think TouchID is brilliant as it is used now. It is targeted at people who don't have a passcode for their devices. I would be happy to see TouchID as an alternative to our QUC, but more hesitant as a replacement for the Master Password.

This discussion has been closed.