For example, according to some embodiments, when a user launches application 220, the user may speak a command, such as “check status of insurance claim.” The user may be identified by information from the user's device such as a phone number, device ID, and/or IP address. The user's identity may be verified using biometric information or other information collected passively (i.e., without requesting that the user provide authenticating information). A confidence in the verification may be calculated, which can be used to determine an access level of the user. The confidence in the verification may take many forms including discrete levels (e.g., high, medium, and low), continuous levels (e.g., a score from 1 to 100), a multi-categorical level (e.g., speech with a discrete level of medium, fingerprint with a continuous level of 78, total information amount with a discrete level of low, etc.), a time-based level (e.g., the lowest level within the past 1 minute) or other form. The access level may be changed as the confidence is recalculated with additional information during the user's interaction.

Biometric information collection module 225 may collect biometric samples from a user, such as the user's voice speaking the command, to verify the user. Other types of biometric information collected may include eye movement, a retinal scan, behavioral biometrics (e.g., characteristics of how the user types such as pressure on the keyboard and time between typing movements), and other biometric information. The biometric sample may be used by the authentication engine 120 and/or service provider 125 to authenticate the user. Biometric information collection module 225 may collect biometric information continuously throughout the user's session with the organization, providing for a dynamic authentication process.