The project has been announced by the Mobile Authentication Task Force, whose members include AT&T, Sprint, T-Mobile and Verizon. The new authentication initiative is called “Project Verify” and it is being pitched as a way to give consumers a more streamlined method of proving one’s identity when creating a new account at a given Web site. Also it aims to replace passwords and one-time codes for logging in to existing accounts at participating sites.
Project Verify could improve online authentication because the mobile companies have access to several unique signals and capabilities that can be used to validate each customer and their mobile device(s). This includes knowing the approximate real-time location of the customer; how long they have been a customer and used the device in question; and information about components inside the customer’s phone that are only accessible to the carriers themselves, such as cryptographic signatures tied to the device’s SIM card.
The Task Force currently is working on building its Project Verify app into the software that gets pre-loaded onto mobile devices sold by the four major carriers, according to security expert Brian Krebs. The basic idea is that third-party Web sites could let the app handle the process of authenticating the user’s identity, at which point the app would interactively log the user in without the need of a username and password.
Moreover, participating sites could use Project Verify to supplement or replace existing authentication processes, such as two-factor methods that currently rely on sending the user a one-time passcode via SMS/text messages, which can be intercepted by cybercriminals.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. If you see a comment that you believe is inappropriate to the discussion, you can bring it to our attention by using the report abuse links. As the comments are written and submitted by visitors of the The Paypers website, they in no way represent the opinion of The Paypers.