Comment by reactordev
7 hours ago
What’s terrible is each time I am forced to call the bank, the more they try to tell me voice ID is secure and want me to provide my voice to authenticate. Never. Did ya’ll never play Uplink? With voice cloning as good as it is now, there’s no way a voice ID is secure enough for authentication.
My voice is my passport.
(never heard of anyone actually using that in real life, sounds uttery insane)
Vanguard keeps pushing it. https://duckduckgo.com/?q=vanguard+voice+verification
Yeah my bank does the same except don’t think there is an opt out.
Kinda crazy
Spam 0, you’ll eventually get some customer service agent
Fancy private bank so getting a human isn't the issue
...but I know one of the signals they use for authentication is voice analysis in background...which I do not love.
1 reply →
I find so many of these things utterly insane. Much like the way a fax of a signed document is considered legally meaningful. I think we have to stop pretending any kind of digital media presentation of a document, face, voice, etc. can be authenticated by its content.
We really need to get to the point where any legally-binding digital authentication MUST be rooted in an in-person identity-proofing and authenticator binding ritual. Something you perform in front of a trained official, where physical inspection and local demonstration/activation of the authenticator is possible. This should be the basic standard to associate digital authenticators used in KYC legal and financial scenarios. The outcome should be some kind of standard digitally-signed certificate which can then be presented to KYC-compliant vendors to link the authenticator to a legal identity when establishing or maintaining financial accounts and records.
Perhaps there could be tiered certificates, where a high-stakes one would require this to be done in a secure facility where you expose yourself to risk of immediate arrest if presenting falsifiable identity claims. A more typical and decentralized version might be an upgrade of the notary public system in the US. Some kind of public digital ledger should record these certifications as well as revocations done by complementary rituals.
For social or informal accounts without KYC goals, some of this same machinery could be adopted. Simply modify or downgrade the identity-proofing part of the ritual as appropriate. This could link into other strategies like PGP web-of-trust or lesser kinds of identifiers like possession of phone numbers, email addresses, etc.
There would need to be criminal liability for officials misbehaving and certifying such identity and authenticator bindings without performing the requisite identity-proofing procedures.
name and shame the bank
Schwab still does voice passwords. "At Schwab, my voice is my password"
https://www.schwab.com/voice-id
> my voice is my password
So... This has to be a Sneakers reference, right?
rofl, IYKYK