It feels like a dead end because it's being used wrong. "Is this John's voice?" is the wrong question. "Does this call look like how John normally calls?" is way more interesting. Same device, same time of day, same way of starting a sentence. That whole pattern is much harder to fake than a voice alone. The authentication isn't dead, it just needs to grow up from a single check into a full picture.