While listening to NPR this morning, I heard the director of US Sprint giving a demonstration of his company's new voice-activated long distance calling system. The user dials 1-800-GIVEUS$ and verbally enters his/her passcode. Apparently, the system recognizes and checks the code as well as analyzing the caller's voice pattern, comparing it to a recorded sample to verify the caller's identity. So, what's the catch? As hinted in the title, the passcode is the customer's SSN plus one digit supplied by US Sprint. Now all the bad guys need is a sharp set of ears or a microphone in the phone booth and they have us by the <insert name of whatever organs you hold near and dear to your heart>. I hope this idiotic passcode scheme dies a quick, horrible death. Maybe I misunderstood or the reporter got it wrong (a permutation on the SSN is little better, though), but I don't think so. ObRant about the dangers of giving out one's SSN deleted for brevity. -- Best regards, Curtis D. Frye - Economic Analyst, Software Alchemist, Aspiring Author cfrye@ciis.mitre.org "If you think I speak for MITRE, I'll tell you how much they pay me and make you feel foolish."