The four major U.S. wireless carriers in March announced plans for a new authentication platform for the iPhone and other mobile devices. Now, the effort has a name.
The Mobile Authentication Taskforce, consisting of wireless carriers Verizon, AT&T, Sprint and T-Mobile, announced that its effort to prevent fraud and data breaches has a name, Project Verify.
"It's time for a comprehensive solution that reduces friction, combats fraud, and builds trust. The Mobile Authentication Taskforce is building that solution now," the website says.
On March 1, the carriers had announced plans to build an app authentication platform.
"The Project Verify solution will change identity management and security, replacing passwords with more secure, device-based, multi-factor authentication," the taskforce said. "Consumers will be in the driver's seat, choosing what information they share. They simply log in with their mobile device — Project Verify does the rest."
The material states that the carriers are "building" the technology, so it's not clear exactly when it might be ready, nor how well it will actually work. The Project also released a video discussing the program, in the broadest of terms.
The members are the four leading U.S. carriers, although Sprint and T-Mobile are in the process of merging.
7 Comments
Why in the hell would anyone trust these companies that only want to collect as much personal information about you as possible with their sensitive data?
I watched the video and yes, it looks like it could be a good system that forces the account to a single mobile device. Of course, as @payeco commented, there's no way I am going to trust the Verify backend system with all my passwords to all my websites. Right now, Verizon only has the password to its website and that's all they'll ever have. Why would anyone trust these four companies to hold all the keys to the kingdom? Hack into the Verify system and you have everyone's passwords. I'm sure people can spoof SIM cards and hardware identities. This also means that every mobile device ends up needing a distinct authentication package while right now, using Apple's keychain in iCloud, one password works on all my devices and when I am able to use two-factor (text message), the text come very quickly (like a matter of 2-3 seconds). These companies need to spend their money protecting their own systems not others.
I am happy with 1Password and it’s simpler solution works well and I am the only trusted party. Why would I want someoneelse be in charge of all my passwords, that’s just silly!
I think you all are overreacting to Verify Project. From what I suspect, it collects unique factors and generates a hash. Once a hash is generated, it cannot be decrypted or reversed to original data. It's only one way.
The biggest pet peeve of mine is being sent a text message and copying the code into an app or website to verify. The Verify Project eliminates that completely. A well-implemented project would make it impossible to "hack" because it would utilize several factors that verify the legitimate user. Even if you spoof a few factor, it would not be possible once all the factors are calculated.
Of course, you may think, "What if someone steals your phone?" Well, we have FaceID, TouchID, passcodes, biometrics for phones and it's no longer acceptable if you don't use them anymore. But let's say, you are stupid and didn't do anything to protect it, you can easily call the phone carrier and it will disable your phone which in turn makes Verify useless.
If Verify project is open sourced and anyone can measure the incoming and outcoming data associated with Verify, we can know what's going on.
I support the project. The speculation on "data" being shared is ridicuous - it's already happening now, Verify cannot do that if it just hashes all data.
I'm glad these groups are raising the awareness of the importance of security, but ... just not buying Android would solve most of the problems almost instantly. :)