Frequently Asked Questions
HOW DOES VOICEPROTECTTM COMPARE TO 2-FACTOR AUTHENTICATION OPTIONS?

First it should be noted that VoiceProtect is a 3-factor authentication system versus 2-factor. Online security professionals recommend for the highest level of security there be 3 factors used in the authentication process: something only you have, something only you know, and something only you are. In our case the “something you have” is your phone because we will send you an SMS whenever you try to login. The “something you know” is a passcode we require before you can do the voice verification. Lastly, the “something you are” is the voiceprint or voice verification. In our turnkey approach all three are required. When combined it provides greater online security versus using only a password or any 2-factor authentication solution.

The following table shows a comparison of our 3-factor solution versus the 2-factor solutions under most scenarios:

WHAT IS THE RISK WHEN USING MY MOBILE PHONE NUMBER?

The entire point of 2-factor authentication is to ensure a message is sent to a device that only you have. SMS became a popular 2-factor authentication method with online services because standard SMS messages (versus something like an iMessage or Whatsapp message) can only be received by a single mobile phone device. This made a lot of sense until hackers found a way to trick mobile carriers into porting SIM cards, thereby creating the vulnerability that the SMS is sent to their mobile phone device instead.

WHY CAN’T I USE A GOOGLE VOICE NUMBER TO PROTECT ME?

A Google Voice number removes the risk of mobile carriers porting your SIM card but it also defeats the entire purpose of having 2-factor authentication. This is because your Google Voice account can be accessed from any web browser on any computer. In many ways, using a Google Voice account is no different than using your Gmail- both can be accessed from a browser so you don’t get the added security you want. Instead you are making a tradeoff in terms of risk.

With VoiceProtect you get the best of both worlds versus having to live with tradeoffs. That’s because VoiceProtect provides you with 3 layers of protection (3-factor authentication) whereas Google Voice actually adds risk.

WHY DO I NEED A NEW PHONE NUMBER TO USE VOICEPROTECT?

Mobile carriers have customer service agents doing their best to identify the caller as who they claim to be. The problem is so much of our information has been stolen online that hackers can socially engineer mobile carrier customer representatives to issue them a new SIM card that allows them to intercept SMS messages originally destined to the real owner of the mobile phone.

If a hacker fails to convince one agent or local store clerk, they can just try again with another agent or clerk until they get better at it and find an agent that is more susceptible to the hacker’s lies. Once a hacker convinces an agent (or person at the store) that they are you and ask to issue them a new SIM card, they gain access to all your SMS messages and protected accounts.

A new VoiceProtect Number removes the mobile carrier and/or a nice store clerk’s vulnerability, from the security equation. We don’t remove the risk of a hacker porting your SIM card, but we do remove the risk of your accounts being accessed due to the SIM card theft.

I USE SMS 2-FACTOR AUTHENTICATION, WHAT DOES VOICEPROTECT PROVIDE?

VoiceProtect acts as a protective intermediary service. The result is that the online service (you want to login to) instead sends us the code using the VoiceProtect phone number. VoiceProtect captures the code and then sends a text message to your phone. If a hacker got access to your text messages, they will see the text message which contains nothing other than a link/URL to our service.

When you click the link, you must first enter the correct passcode (something you know), which the hacker doesn’t know. Next you are asked to match your voice (something you are) before you can see the access code sent by the online service. Therefore by issuing you a new phone number and acting as an intermediary service, VoiceProtect ensures you are protected even if a hacker ports your SIM card.

CAN I SELECT OR CHANGE MY VOICEPROTECT PHONE NUMBER?

Initially, VoiceProtect(™) selects the number for you. However, we may add this option later for a small monthly fee.

ISN’T VOICEPROTECT AT SAME RISK OF GETTING PORTED BY HACKERS?

No unlike your mobile phone number, you don’t share your VoiceProtect phone number with others. The VoiceProtect is not listed in any directory and is not associated with your identity in any way, so it can not be ported to another carrier. It is truly a private number that you should only use for online security purposes (we strongly recommend this). A hacker won’t even know to look for this number nor know whose identity it relates to, and therefore porting has zero value.

Second, we place a lock on each phone number so that it can’t be ported out of VoiceProtect.
Third, the VoiceProtect number is constantly monitored for any changes in ownership or forwarding or functionality. And the number is set up to receive monitoring messages. When messages received, we check that the data is correct as well as the sender of the message. If the data or sender are incorrect, we trigger an alarm. This type of monitoring cannot be done with a phone number associated with a cell phone as regular monitoring messages will bother you as there is no way to manually verify the correctness of the monitoring message.

HOW COME VOICEPROTECT DOESN’T WORK FOR SOME OF MY ONLINE SERVICES?

To block users from a false sense of extra security, few banks and financial websites are blocking numbers that are not explicitly mobile phone numbers. People used numbers such as Google Voice numbers (see issues with this above), which doesn’t properly protect users per the intent of 2-factor authentication.
We identified less than 10 services that block the use of non-mobile phone numbers. If you have an account with a service that prevents this, we understand the frustration but it shouldn’t deter you from using VoiceProtect with your other services.

Meanwhile, we promise to educate third-party services that do not allow such numbers about VoiceProtect since our cutting-edge innovation of creating an intermediary service isn’t something they are likely aware of. We will do our best to get VoiceProtect(™) phone numbers whitelisted for those services.

HOW DO I CREATE A VOICEPRINT?

All it takes is for you to read an article that we will show you during enrollment. You will need to read the article for approximately 40 seconds, and show a progress bar to indicate how much is remaining. If during enrollment you need to stop unexpectedly, there is a pause button and you can continue again, but only from the same device.

DO I NEED TO BE CONCERNED ABOUT MY PRIVACY?

We understand possible concerns around privacy and we take it very seriously. We as individuals designed the system as with privacy in mind. The following steps ensure the highest level of privacy.
First, your voiceprint and your VoiceProtect number, are stored separately each on a different company’s database (SecondMind and Phone.com). This data is connected only by an encrypted random identifier that is designed to prevent hackers from gaining access and connecting the dots. This decentralization ensures the highest level of security and privacy. We ask for no other personal identifying data about you (such as your name or email).

Second, when you enroll or verify your voice, we encrypt and stream your voice to ensure no files are ever created in the process and that no one can listen in. The VoicePrint algorithm creates a proprietary mathematical representation of the stream as it is being delivered.
Third, all stored data is encrypted.

Lastly, at any time you choose to cancel with us we completely delete the data (your mobile phone number, voiceprint, and your VoiceProtect phone number).
Our mission is to make you more secure so we will do everything possible to ensure that. Please read ourprivacy policy to learn more.

DO I NEED TO CREATE A VOICEPROTECT ACCOUNT?

No. One of the major advantages of VoiceProtect in that no account is created or required. To ensure the highest level of privacy we take the bare minimum information. We do NOT take your name or email address or make you create an account with a username. This ensures we have no personal identifying data associated with you.
In addition the information we do take is stored in a decentralized manner to ensure the highest level of security and privacy.

Another key differentiator of VoiceProtect versus other authentication approaches is we support no backdoors such as backup codes or security questions. Both of these represent security vulnerabilities. Backup codes can be stolen from a device that it is saved on or can be accessed by a hacker at time they are shared by a service since they must be shown in plain text (versus encrypted so you can see and copy them). And answers to security questions are constantly stolen by hackers and therefore a weak link in any system. Instead of these backdoors, VoiceProtect requires all 3 factors to be correct.

WHAT IS THE RISK WHEN USING MY MOBILE PHONE NUMBER?

The entire point of 2-factor authentication is to ensure a message is sent to a device that only you have. SMS became a popular 2-factor authentication method with online services because standard SMS messages (versus something like an iMessage or Whatsapp message) can only be received by a single mobile phone device. This made a lot of sense until hackers found a way to trick mobile carriers into porting SIM cards, thereby creating the vulnerability that the SMS is sent to their mobile phone device instead.

IF THERE IS NO ACCOUNT, HOW DO I MAKE CHANGES OR CANCEL?

The entire point of 2-factor authentication is to ensure a message is sent to a device that only you have. SMS became a popular 2-factor authentication method with online services because standard SMS messages (versus something like an iMessage or Whatsapp message) can only be received by a single mobile phone device. This made a lot of sense until hackers found a way to trick mobile carriers into porting SIM cards, thereby creating the vulnerability thYou simply visit our website and click link where it says to Change or Cancel Service. We will then send you an SMS with a link to authenticate (like any other time). Once you pass all 3 factors, we offer you the option to update or change your credit card, or to cancel service.

We also offer the option to send you an SMS each time there is a monthly charge. By default this is turned off to limit the messages we send you (since we don’t take your email address we can only send by SMS).
No other changes are allowed. If you need to change your phone number, we require you to cancel your service and create a new account from scratch. We realize this is inconvenient but it also creates a higher level of security.
You can cancel your account at anytime. When you cancel we will immediately delete your VoiceProtect phone number and voiceprint so it is important you change the phone number used for SMS 2-factor authentication on all the applicable online services to a different phone number prior to canceling. If you cancel in the middle of a payment cycle, there is no credit for the period between cancelation and the end of the paid period. Once you canceled the service, you will no longer be charged going forward.at the SMS is sent to their mobile phone device instead.

I HAVE ANOTHER QUESTION- HOW DO I SPEAK WITH SOMEONE?

Please contact us at contact@secondmind.ai

VoiceProtect is powered by Second Mind Labs and Phone.com