First it should be noted that VoiceProtect is a 3-factor authentication system versus 2-factor. Online security professionals recommend for the highest level of security there be 3 factors used in the authentication process.
VoiceProtect is the first 3-factor solution for consumers. The following table shows a comparison of our 3-factor solution versus the 2-factor solutions under most scenarios:
VoiceProtect is run by individuals that have built mission critical products you may have already trusted and used (and not even known it).
SecondMind operates VoiceProtect along with it’s telephony partner Phone.com. SecondMind was founded by Kul Singh who built companies such as Tervela that was funded by Goldman Sachs and relied on by the world’s largest banks and companies for secure data transfers. Our head of technology, Andras Kornai, is highly regarded in both academics and business (he has been part of successful companies, one acquired by Nokia).
Alon Cohen from Phone.com, who architected the telephony aspects of VoiceProtect, created the first Voice Over IP (VoIP) which enabled products such as Skype and FaceTime. And our venture investors have funded numerous important companies.
Why are we sharing this? We are just like you and we would also want to ensure our security is in good hands. We realize you may have found us from the web and are here because you are intrigued, but also want to make sure you trust us.
You can be confident that VoiceProtect is made up of individuals who have done this before and have built mission-critical products and businesses.
The problem with using mobile numbers is they were never designed for security and mobile carriers never intended to secure the entire Internet. Hackers found a way to socially engineer workers at mobile carriers into porting SIM cards, thereby creating the vulnerability that the SMS with your codes is sent to a hacker’s mobile phone device instead of yours.
Since mobile numbers are designed for communication, carriers can’t send constant monitoring messages to ensure the number is not ported (i.e., SIM swapped). This means you only find out AFTER you have been hacked.
A VoiceProtect number is designed only for security and not communication. This means we can constantly send monitoring messages without it disturbing you. And if we notice the number is ported, we automatically lock it and notify you. It’s the reverse how other phone numbers work.
VoiceProtect eliminates your risk of human error, judgement, or mischief (such as bribe).
No, they only offer a second factor whereas VoiceProtect provides 3 factors.
If your phone is compromised, hackers can open the authenticator app (Google or Authy) and see all your online services plus the codes. It is like providing a roadmap to all your online services with a key to each. VoiceProtect provides security even if hackers have full access to your phone.
Plus authenticator apps rely on backup codes, which if a hacker gains access to gives access your accounts. And lost backup codes can create a major hassle. If you buy a new phone and forget to turn off the authenticator app (and don’t have your backup codes), you are locked out and have to contact each service to gain access. For some services you will lose your account if lose your app and backup codes. This is extremely frustrating, but companies either have a choice of locking you out or relying on human judgement for your security.
VoiceProtect doesn’t need to rely on backup codes since it uses voice as a third factor. It works if you have a cold or sore throat, so unless you have completely lost your voice you don’t have to worry about losing your accounts forever or dealing with hassles to contact each service if lose your phone.
We have nothing against password managers except that you can’t fully rely on passwords and password managers because hackers can break passwords in minutes. You must use multiple factors even if you use a password manager, and we explain in other FAQs the flaws with other 2-factor approaches.
VoiceProtect provides you with the strongest authentication available since it uses 3 factors. It acts as a security overlay on top of your passwords, similar to adding an extra lock to secure your front door.
VoiceProtect acts as a protective intermediary service. The result is that the online service (you want to login to) instead sends us the code using the VoiceProtect phone number. VoiceProtect captures the code and then sends a message to you without the code. If a hacker got access to your text messages, they will see a message which contains nothing other than a link/URL to our service.
When you click the link, you must first enter the correct passcode (something you know), which the hacker doesn’t know. Next you are asked to match your voice (something you are) before you can see the access code sent by the online service. Therefore by issuing you a new phone number and acting as an intermediary service, VoiceProtect ensures you are protected even if a hacker ports your SIM card.
Mobile carriers have customer service agents doing their best to identify the caller as who they claim to be. The problem is so much of our information has been stolen online that hackers can socially engineer mobile carrier customer representatives to issue them a new SIM card that allows them to intercept SMS messages originally destined to the real owner of the mobile phone.
If a hacker fails to convince one agent or local store clerk, they can just try again with another agent or clerk until they get better at it and find an agent that is more susceptible to the hacker’s lies. Once a hacker convinces an agent (or person at the store) that they are you and ask to issue them a new SIM card, they gain access to all your SMS messages and protected accounts.
Therefore VoiceProtect provides a phone number that removes human judgment as a risk factor. It removes the mobile carrier and/or a nice store clerk’s vulnerability, from the security equation. We don’t remove the risk of a hacker porting your SIM card, but we do remove the risk of your accounts being accessed due to the SIM card theft.
No unlike your mobile phone number, you don’t share your VoiceProtect phone number with others. The VoiceProtect is not listed in any directory and is not associated with your identity in any way, so it can not be ported to another carrier. It is truly a private number that you should only use for online security purposes (we strongly recommend this). A hacker won’t even know to look for this number nor know whose identity it relates to, and therefore porting has zero value.
Second, we place a lock on each phone number so that it can’t be ported out of VoiceProtect.
Third, the VoiceProtect number is constantly monitored for any changes in ownership or forwarding or functionality. And the number is set up to receive monitoring messages. When messages received, we check that the data is correct as well as the sender of the message. If the data or sender are incorrect, we trigger an alarm. This type of monitoring cannot be done with a phone number associated with a cell phone as regular monitoring messages will bother you as there is no way to manually verify the correctness of the monitoring message.
A Google Voice number is designed for communication- not for security. A phone number for communication cannot be immediately automatically locked since they have no idea until you find out.
With VoiceProtect, we constantly monitor the number for you and if we see it was ported we immediately lock it and notify you.
It’s completely opposite of how numbers like Google Voice (or your mobile number) work and why you should be using a phone number designed for security.
To block users from a false sense of extra security, few banks and financial websites are blocking numbers that are not explicitly mobile phone numbers. People used numbers such as Google Voice numbers (see issues with this above), which doesn’t properly protect users per the intent of 2-factor authentication.
We identified less than 10 services that block the use of non-mobile phone numbers. If you have an account with a service that prevents this, we understand the frustration but it shouldn’t deter you from using VoiceProtect with your other services.
Meanwhile, we promise to educate third-party services that do not allow such numbers about VoiceProtect since our cutting-edge innovation of creating an intermediary service isn’t something they are likely aware of. We will do our best to get VoiceProtect(™) phone numbers whitelisted for those services.
All it takes is for you to read an article that we will show you during enrollment. You will need to read the article for approximately 40 seconds, and show a progress bar to indicate how much is remaining. If during enrollment you need to stop unexpectedly, there is a pause button and you can continue again, but only from the same device.
We understand possible concerns around privacy and we take it very seriously. We as individuals designed the system as with privacy in mind. The following steps ensure the highest level of privacy.
First, your voiceprint and your VoiceProtect number, are stored separately each on a different company’s database (SecondMind and Phone.com). This data is connected only by an encrypted random identifier that is designed to prevent hackers from gaining access and connecting the dots. This decentralization ensures the highest level of security and privacy. We ask for no other personal identifying data about you (such as your name or email).
Second, when you enroll or verify your voice, we encrypt and stream your voice to ensure no files are ever created in the process and that no one can listen in. The VoicePrint algorithm creates a proprietary mathematical representation of the stream as it is being delivered. Third, all stored data is encrypted.
Lastly, at any time you choose to cancel with us we completely delete the data (your mobile phone number, voiceprint, and your VoiceProtect phone number).
No. One of the major advantages of VoiceProtect in that no account is created or required. To ensure the highest level of privacy we take the bare minimum information. We do NOT take your name or email address or make you create an account with a username. This ensures we have no personal identifying data associated with you.
In addition the information we do take is stored in a decentralized manner to ensure the highest level of security and privacy.
Another key differentiator of VoiceProtect versus other authentication approaches is we support no backdoors such as backup codes or security questions. Both of these represent security vulnerabilities. Backup codes can be stolen from a device that it is saved on or can be accessed by a hacker at time they are shared by a service since they must be shown in plain text (versus encrypted so you can see and copy them). And answers to security questions are constantly stolen by hackers and therefore a weak link in any system. Instead of these backdoors, VoiceProtect requires all 3 factors to be correct.
You simply visit our website and click link where it says to Change or Cancel Service. We will then send you an SMS or email with a link to authenticate. Once you pass all 3 factors, we offer you the option to update or change your credit card, or to cancel service.
We also offer the option to send you an SMS or email each time there is a monthly charge. By default this is turned off to limit the messages we send you.
No other changes are allowed. If you need to change your phone number, we require you to cancel your service and create a new account from scratch. We realize this is inconvenient but it also creates a higher level of security.
You can cancel your account at anytime. When you cancel we will immediately delete your VoiceProtect phone number and voiceprint so it is important you change the phone number used for SMS 2-factor authentication on all the applicable online services to a different phone number prior to canceling. If you cancel in the middle of a payment cycle, there is no credit for the period between cancelation and the end of the paid period. Once you canceled the service, you will no longer be charged going forward.
Please contact us at firstname.lastname@example.org