One of the reasons why voice is so powerful as a biometric is that can combine what people say with the way that they say it, which means that it provides two-factor authentication in a single action and it can do it at a distance over the voice channels. Fingerprints, iris scans, retina scans, and face recognition can all produce biometric identification (what you are), but something else is needed to provide a second and more secure authentication factor (something you know, for instance). Remote scanners for the other biometric security mechanisms are expensive and not widely deployed, because remote biometrics are useless unless they are in a tamper-resistent device. Phones, on the other hand, are ubiquitous, cheap, and well-understood by consumers and they work as remote devices because systems can ask consumers to respond to arbitrary phrases and these make it difficult to mount effective replay attacks.
Not only are voice systems therefore less expensive than some alternative biometrics, such as fingerprints, they are also more accurate, apparently, according to the Dr. Clive Summerfield, a founding member of the Australian National Centre for Biometric Studies. This is of special interest in the digital identity world, because something as accurate as fingerprints but viable over remote channels (primarily the mobile phone, of course) has the potential to be a very disruptive technology.
I wonder what security experts will make of the situation in the U.S., where voice recognition biometric security devices are being used to protect girls’ diaries. As the writer notes, if voice recognition can pass the rigorous demands and fanatical testing that is no doubt being conducted by this new class of consumers, then this is a security technology that should be incorporated in the highest levels of the Pentagon.
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]