In recent years, biometric authentication has become a popular alternative to password, PIN, and pattern-based authentication because biometric characteristics do not need to be remembered—such characteristics are intrinsic to each user. One downside to this aspect of biometrics is that, if a user's biometric is stolen or otherwise comprised, it may be difficult or impossible to change it (depending on the nature of the biometric) for authentication purposes. For example, assume a user A configures his/her smartphone to unlock upon recognizing his/her face. If a malicious user B circumvents this face-based authentication by, e.g., using a photograph of user A's face to gain access to user A's smartphone, there is no practical way for user A to change his/her face biometric in order to lock out malicious user B. Instead, user A will need to reconfigure his/her smartphone to authenticate his/her identity using a different biometric, or possibly a non-biometric method.
There are certain types of biometrics that are changeable to an extent by a user. For instance, a text-dependent voice password/passphrase is based on both the characteristics of a user's voice as well as the particular words spoken by the user. The spoken password/passphrase can be changed at-will through a retraining process. When this type of biometric is used for authentication, maximum security is achieved if the spoken password/passphrase is kept secret, thereby forcing a malicious user to not only replicate the user's voice, but also replicate the actual words trained by the user. However, this then creates the problem mentioned above of requiring the user to remember his/her spoken password/passphrase.