In a speaker verification task, speech is used as a unique biometrie identifier of an individual. A speaker presents his credentials along with a voice sample. The system matches the voice sample to its own model for the speaker to accept or reject him. This has many pitfalls. First, speech by itself, is not a sufficiently "strong" biometric, and false acceptance is a problem. Second, the user must provide the system with voice samples. This puts the speaker's privacy at risk. The system may infer personal information about the user, such as gender, age, ethnicity, health, etc. Finally, if a malicious entity pilfers the speaker's models from the system, the loss is permanent. The speaker cannot change their voice to re-enroll. In this paper, we present a two-factor transformation that addresses all the above issues. It combines a personal password with speech features in order to increase the performance of a verification system. At the same time it is guaranteed not to not reveal any information about the speech or the password to the system. Finally, it is cancelable; if a model is compromised, the user can re-enroll without risk. In particular, we study a transformation that preserves the ℓ ₁ distance between features as long as this is smaller than some threshold and the user uses the correct password. Experimental results confirm the theory of the proposal in term of improvement in the system's accuracy, finding conditions to get zero error. Security consequences and feasibility of its implementation are discussed.