I've thought about voice authentication (as a user not connected with the company);
I'm thinking possibly using LDAP(and once functioning kerberos support) to create multiple user accounts (on a private LDAP server in my home lab for development, but for distribution could be cloud authenticated or from a private identity server process running on a local machine that has enough power to handle the requests for Mycroft across the home/business simultaneously), then teaching mycroft how to learn a user's intonations, cadence, rhythm, and frequency range (Skill names: mu_add_user , multi_user_retrain_user) to allow it to determine the likelihood that the user matches a stored profile, then validates privileged requests based on a spoken passphrase in addition to requiring that the match probability be within the "very high" threshold limit which I suppose i'll determine once i can get it to give me probability percentages. (Skill names: auth_phrase_verify , auth_phrase_change) Side note: pass phrase is separate from the set LDAP password, which is for key-entry only and is for verifying user during manual input and for mycroft to insert for authentication purposes once verified.
once you have the way to authenticate users and have reasonable probability predictions, then it's safe to build skills that utilize the authenticate_user and authenticate_privileged_user skills, for instance, take a family with two adults and two children.  denotes mycroft logic (highly simplified) "" indicates speech either from a user or output speech from mycroft, and () indicate an action from a user that is not spoken per se.
Child: "Hey mycroft, lower the temperature"
Mycroft:[recognizes child 1, probability "very high"] "I'm sorry, you don't have permission to change the temperature"
Child 2 (attempting to mimic a parent's voice): "Hey mycroft, lower the temperature"
Mycroft: [threshold for request within "questionable range" proceed with step 2] "Parental controls are enabled. Please authenticate using your passphrase"
Child 2 (still attempting to mimic said parent): "[gives the correct phrase]"
Mycroft: [recognizes probability threshold below requirement, intonations not within threshold for passphrase] "I'm sorry, I didnt' recognize your response, please try again"
Child 2 (forgets to mimic parent): "[gives the correct phrase]"
Mycroft: [recognizes child 2, very high probability; intonations not within threshold for passphrase] "It's not polite to pretend to be someone else, [child 2]"
Mycroft: [generates log of interaction, notifies parents using preferred notification method for security notifications]
and because I like to round it out with an authorized use:
Parent 1: "hey mycroft, lower the temperature by one degree"
Mycroft: [Parent 1 probability match "Very High", short prompt step 2] "pass phrase required to complete request"
Parent 1: "[gives correct pass phrase]"
Mycroft: [Parent 1 match "Very High", Passphrase threshold met, complete request] "consider it done"
other skills that would be highly useful once user authentication is available:
Advanced Diagnostics (beyond basic troubleshooting, scripted procedures run on command)
Disable/Enable authentication for users
Parental Controls (can be single-skill or command calls baked into other skills)
Configure Access Classes (LDAP)