For the Charles Schwab Challenge, our goal was to design and implement an alternative to password authentication when logging into a secure account. Passwords are messy and easily compromised, so we wanted to find a cleaner, safer solution that is still user friendly and not obtrustive.
What it does
Schwadio allows for two-factor voice authentication. When a user attempts to log into their account, they are sent an email with a security question. They must speak the answer to the client device to log in. Schwadio checks both the content of the answer and the user's voice to determine who is trying to log in before authenticating.
How we built it
We explored multiple implementations for Schwadio. We had a few innovations that weren't fully integrated into the final version of the app. We implemented a Markov text chain that generates sentences of words that different people pronounce differently (for example, Azure, Caribbean, and Caramel). Before implementing a security question, our idea was to create a randomly generated phrase to use to scan the client user's voice. We opted to use a security question instead because it adds an additional layer of security to logging in. Even if a malicious user intercepts my email, the answer to my security question may not be known.
Next, we explored multiple implementations of voice verification. We initially explored Microsoft Azure's cognitive services' voice identification API. We had some trouble using this API, as the API is still in Preview. We had some issues with runtimes and with linking this API to Firebase, so we ended up using a neural network and SVM implemented in Tensorflow to classify speakers.
The next layer of security was verifying the actual answer to the security question. We used Rev's text-to-speech API to validate user input and compare to the user's answer to their security question when initializing the app. Rev worked particularly well over validating using Azure because it was very accurate in one pass.
We had a lot of challenges integrating Azure, so we had to change our implementation partway as described above. The biggest challenge in this project was integrating multiple APIs and services so that they worked as one cohesive service.
Accomplishments that we're proud of
We feel that our idea is unique and robust in terms of security. We integrated multiple levels of user validation in an elegant user experience.
What we learned
We learned about how to use Azure and Firebase
What's next for Schwadio
The next step for Schwadio is building an API so that our service can be used by multiple platforms, and seamlessly integrated into another application.
Other ideas we want to explore are integrating Azure and using Duo or another two-factor solution instead of email.