Something to look forward to: The four major U.S. carriers have unveiled Project Verify. This looks to simplify app logins by using a mixture of authentication methods to authenticate the user for all apps. This ideally would save the user from memorizing a bunch of complex passwords for each app.
Verizon, AT&T, Sprint, and T-Mobile have banded together in a joint venture called the Mobile Authentication Taskforce. This taskforce aims to build a universal single sign-on platform called Project Verify which allows apps to use a mixture of your phone number, SIM card, IP address, and other factors to authenticate you. The goal is have one system to do multi-factor authentication so the user doesn’t have to memorize complex passwords for all of their apps.
“Mobile carriers have invested billions of R&D dollars in the networks that people rely on every day. These networks already provide second-factor authentication via SMS messaging. With access to more network authentication tools, the Mobile Authentication Taskforce can enable even greater security.”
Project Verify as an authentication service has to be supported by the app itself and given explicit permission to use Project Verify. Once enabled, Project Verify can not only serve as a replacement for your app password, but also be used as a two-factor authentication method instead of using text messages. However, the website fails to mention any initial partners nor an actual release date.
Despite its promise of being single sign-on, technically you’ll probably still need additional authentication methods for some apps such as banking or other apps that have sensitive information. Also, because Project Verify automatically logs you in, you can still be vulnerable if someone has access to your phone. Granted, as long as you have some measure of device security (PIN, bio-metric, password…etc) that should prevent most people from getting into your device but it’s worth noting.
The name of the game here is security that is simple and convenient. The reality is that a lot of people don’t want the hassle of doing proper cyber security via separate multi-factor authentication apps like Authy or using a password manager like LastPass to ensure strong password use. Perhaps a system like Project Verify can raise the security of every smartphone while still making it convenient for most people to use their devices.