TalkTalk Drops Passwords For Voice Recognition After Hack

TalkTalk has dropped the requirement for customers to use conventional passwords to access their account.

The change is one of a series of measures implemented by the ISP following the devastating hack last October, which resulted in the theft of the personal details of 156,959 customers.

Biometric Login

TalkTalk is now allowing its customers to utilise biometric login, namely voice recognition. The ISP said that all of its four million customers will be able to use their voice as their password, and that it is the first ISP to offer the techology to its customer base.

TalkTalk is utilising the voice biometric technology from Nuance Communications for this facility.

The ISP is calling the feature TalkSafe, and says Nuance’s solution, which is already used by leading banks, identifies customers by analysing over a hundred unique characteristics of their voice including the shape of larynx, vocal tract and nasal passage, alongside pronunciation, emphasis and speed of their speech.

The way it works is that when a customer calls TalkTalk, they will complete their current verification process. When that is done, they will have the option to set up TalkSafe by repeating a simple phrase three times. This creates a “voiceprint,” which will be used in subsequent calls.

So when the customer calls TalkTalk again, they repeat the agreed phrase “With TalkSafe, my voice is my password”. Nuance’s biometric technology then analyses the voice and verifies the caller’s identity, enabling the customer service team to assist the customer immediately.

TalkTalk believes that as each person’s voice is unique, voice biometric technology is one of the most secure forms of identification.

“TalkSafe will reduce the time customers spend on a call and if callers are transferred to a different customer service advisor, they won’t have to repeat their details, as the voice authentication technology will have already verified their identity,” said the ISP.

It hopes the introduction of the technology will “ensure customer data is as secure as possible” and that voice biometrics will “reduce the amount of sensitive personal information customers will have to disclose.”

“We’ve listened to what our customers have told us about wanting a simple, secure service,” said Tristia Harrison, TalkTalk’s consumer managing director. “TalkSafe is an important and exciting step on that journey.”

“As the first UK telecoms provider to roll out voice biometrics as standard, we’re proud to be leading the way in making this advanced technology accessible to millions of homes across the country at no extra cost,” said Harrison.

Burnt Fingers?

The change comes after a security expert previously questioned whether TalkTalk had learned its lessons from the hack.

Last year, Martin Alderson, Codified Security’s chief technology officer told TechWeekEurope, that TalkTalk customers were still at serious risk after it had uncovered ongoing vulnerabilities with the Internet Service Provider

TalkTalk for its part has insisted it has thoroughly changed its security processes, but CEO Dido Harding admitted to MPs TalkTalk was not accredited by Cyber Essentials at the time of the hack. This was the government-backed scheme launched in June 2014 to help organisations protect themselves against digital attacks.

The ISP has certainly been undergoing changes. Last year for example it caused controversy when it ditched thousands of rural broadband customers and forced them to move to Fleur Telecoms, or change ISP altogether.

Are you a security pro? Try our quiz!