We typically see the big four US carriers competing in a cut throat fashion to steal customers from each other, but even the strongest rivals can be frenemies sometimes. The Mobile Authentication Taskforce — AT&T, Verizon, T-Mobile, and Sprint — have released product details for what it calls a “next-generation mobile authentication platform.”
From the sound of it, this system could be the carrier solution to replace the inferior SMS-based authentication method used by tons of services today. The problem with SMS as a second method is that phone numbers are not private and aren’t impossible to spoof.
This highly secure solution will deliver a cryptographically verified phone number and profile data for users of authorized applications with their consent. Authentication security is strengthened by processing unique attributes such as a network verified mobile number, IP address, SIM card attributes, phone number tenure, phone account type and more. In addition, advanced analytics and machine learning capabilities will be used to help assess risk and protect customers.
The group says developers will be able to register with the new system and rely on “private and permissioned blockchain technology” to maintain app integrity. The effort to build out the new system started last year:
Formed last year to develop a mobile authentication solution to help protect enterprises and consumers from identity theft, bank fraud, fraudulent purchases and data theft, the Mobile Authentication Taskforce has dedicated resources developing a highly secure and trusted multi-factor authentication platform powered by the carrier networks. The taskforce vision includes interoperability with GSMA’s Mobile Connect technology.
For now, the new system is not yet available, but the group says it will start testing it internally soon. Ultimately, the task force wants consumers to be able to use the new system by the end of the year, and a new website for developers to enroll in the system will also debut this year.
For now, relying on app-based authentication from services like 1Password, Authy, or Google Authenticator is the most secure approach to two-step verification and two-factor authentication where supported.