Taxpayers will be able to log in to the Australian Tax Office app using voice authentication.
The ATO announced on Tuesday it would extend its voice authentication system to its mobile app, allowing users to "enrol" a voiceprint which could be saved to their device and used to log in to the app.
Assistant Commissioner John Dardo said voice authentication logins made it as "easy as possible" for users to access ATO services on their devices.
However, security experts weren't so sure about the move.
The development came less than a year after the ATO implemented "voiceprint" technology to cut the time it took to authenticate callers to its call centre.
The security community voiced initial concerns last year.
Security specialists again outlined concerns this week over the government's enthusiasm for creating innovative data stores for identifiers.
Geordie Guy, privacy and online rights analyst for Future Wise, told Fairfax Media the idea "wasn't very well thought through".
"While shazaming your customers to identify them sounds like a good idea in principle, it's part of a trend towards 'security through sexiness', where more exotic methods of authenticating people seem to be more secure," he said.
"An enormous cache of 1.3 million voiceprints is as attractive to hackers as any other cache of information. The only real difference is our customer service experience with government gets even worse when we have a cold. If your nose is blocked, or if you took a basketball in the throat on the weekend, or you have a nasty case of strep throat, your voice will make a different sound and the technology doesn't work."
Michael McKinnon, security awareness director at AVG, said he was concerned about "false acceptance" rates: the number of people who would be able to pass themselves off as you.
"The false acceptance rate in fingerprint technology is around one in 10,000 and sometimes as high as one in 50,000," he said.
"This means that if you were to pass your phone around a football stadium full of people, odds are at least one other person would be able to unlock your device. It comes down to the odds of that happening, and we'd hope that the odds of a random scammer sounding like you is slim, but what about members of your own family? One does have to wonder."
McKinnon said "false rejection" rates – such as when biometric authenticators like a thumbprint didn't work – were also a problem.
"In the case of the ATO, this would be akin to them thinking you're a scammer and not believing you are who you say you are – no doubt, the ATO would just fall back to other authentication methods – but this is a claim that could also be made by any scammer also, and then what use is the voiceprint?"
The ATO previously told Fairfax that voiceprints were encrypted and securely stored in a digital format within ATO data centres.
"The voiceprint digital format is stored against an internal system identifier (not the tax file number) without any other client details," it said.
"A client voice cannot be reconstructed from the digital format (you cannot recreate a voice recording from a digital voiceprint).
"If a client no longer wants to be enrolled for voice authentication, ATO staff are able to delete their voiceprint."
It reiterated this on Tuesday, with a spokesperson for the ATO telling Fairfax that voice authentication was an optional part of a two-factor authentication process in line with industry standards.
"A voiceprint cannot be reconstructed," the spokesperson said. "This means you cannot recreate a voice recording from the digital profile. This effectively renders the data useless should the information be hacked or accessed.
"Voice authentication technology can accommodate changes in voices due to ageing or health issues as long as those changes are within reasonable tolerances."
The ATO also said it stored voice audio and identity information in different databases to provide another layer of obfuscation, and that it used fraud detection technology to pick up any attempts to play the system.
Should the technology fail, for example for people whose primary language is not English, they can still access ATO services using their myGov details.