Google, Microsoft, Apple tech companies, and cellular operators are trying to kill the password. The four major US mobile carriers – AT&T, Sprint, T-mobile US, and Verizon Wireless – have joined together for a new authentication system that would manage your logins without even entering a password.
A new system ZenKey works just like any other single sign-on service (SSO) that provides enhanced protection from data breaches resulting from username and password hacks because ZenKey uses multiple unique data elements to identify and authenticate your accounts.
ZenKey continuously leverages security technology advances in your wireless carrier, so you benefit without added complexity, keeping your experiences simple and effortless. It verifies your identity through a multi-factor profile that’s tied to your mobile device by taking into account the subscriber information from your cell service, including IP address, SIM card details, phone number, and your fingerprint or face. To use it, all major third-party services – banks, social media, retail, etc. will have to support ZenKey SSO else, this carrier-based system will be a tough sell.
No doubt ZenKey is trying nobly to resolve the problem of too many passwords, but the main question is whether you want your carrier managing your logins across the websites and apps you use on your phone. More significantly, the adoption of this initiative will depend on how much trust consumers put with wireless companies.
Another potential issue is the legitimate threat of SIM swapping attacks – a smart social engineering trick used by cybercriminals to persuade phone carriers into transferring their victims’ cell services to a SIM card under their control. If someone can get your number that being swapped, they could potentially access your online accounts too.
With Apple already positioning itself as a privacy-conscious alternative through sign-in procedure, it will be interesting to see if sign in with ZenKey can make this possible.