US carriers testing replacement for two-factor authentication
Major US cell phone carriers are working on a mobile authentication system that could create a new open standard. Under the banner of the Mobile Authentication Taskforce, AT&T, Sprint, T-Mobile and Verizon say they have a solution which could roll out before the end of the year: next-generation, multi-factor mobile authentication (hopefully they’ll come up with a snappier name for it before launch), which is intended to provide better security than the two-factor authentication we’ve become accustomed to (and which is not without its flaws).
Verizon owns Engadget’s parent company, Oath (formerly AOL). Rest assured, Verizon has no control over our coverage. Engadget remains editorially independent.
The platform, powered by the carriers’ networks, works by delivering a cryptographically verified phone number and profile data to authorized applications with the user’s consent. Then it takes into account a whole bunch of other authenticating factors, such as a network verified number, IP address, SIM card attributes and phone account type, to make sure purchases and data usage is legit.
Advanced analytics and machine learning is also slated for the platform, so it can assess risk while understanding users’ unique habits. The task force is going to start trialling the platform in the coming weeks, and says it will launch a website later this year for interested service providers. If it works as well as they say it will, it could be a good signifier of trust for mobile apps, as registered developers will be able to leverage the platform only after submitting requests through a system that uses private blockchain technology.
(51)