Latest in Gear

Image credit:

US carriers partner on a better mobile authentication system

AT&T, Sprint, T-Mobile and Verizon formed a taskforce to create a new open standard.
Steve Dent, @stevetdent
September 8, 2017
Share
Tweet
Share

Sponsored Links

Bloomberg via Getty Images

Two-factor authentication (2FA) via SMS and a smartphone provides a heavy dose of additional security for your data, but as the US government declared last year, it's not without its flaws. To fix that, the big four US mobile operators, Sprint, T-Mobile, Verizon and AT&T have formed a coalition called the Mobile Authentication Taskforce to come up with a new system. Working with app developers and others, they'll explore the use of SIM card recognition, network-based authentication, geo-location, and other carrier-specific capabilities.

The idea is to marry current 2FA with systems that "reduce mobile identity risks by analyzing data and activity patterns on a mobile network to predict, with a high degree of certainty, whether the user is who they say they are," according to the news release.

The problem with SMS authentication is that skilled hackers have successfully hijacked SMS codes in the past, often simply by contacting the carrier and impersonating the victim. It also falls apart if thieves grab your smartphone along with your PC, gain access to your phone via malware, or just steal a glance at a 2FA message on your lockscreen.

Through strong collaboration, the taskforce announced today has the potential to create impactful benefits for US customers by helping to decrease fraud and identity theft, and increase trust in online transactions.

The system will be an open one that can work the four carriers and others. "We will be working closely with the taskforce to ensure this solution is aligned and interoperable with solutions deployed by operators," said Alex Sinclair, CTO of mobile industry group GSMA.

The goal to improve 2FA security sounds like a noble one, but Congress, at the urging of carriers and ISPs, recently eliminated certain customer privacy protection rules. As such, consumer protection groups might have concerns about 2FA systems that could be used by operators to track customers, for example.

The new system is supposed to arrive for "enterprises and customers in 2018," the group says. In the meantime, if you're still not using two-factor authentication (SMS or otherwise), you really, really should be.

Verizon owns Engadget's parent company, Verizon Media. Rest assured, Verizon has no control over our coverage. Engadget remains editorially independent.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Google adds Nest Secure to its list of discontinued projects

Google adds Nest Secure to its list of discontinued projects

View
LG's rollable OLED TV goes on sale for $87,000

LG's rollable OLED TV goes on sale for $87,000

View
Apple will reportedly add 5G support for iPhone 12 in dual SIM mode

Apple will reportedly add 5G support for iPhone 12 in dual SIM mode

View
Living with TCL's 8-series 4K TV: Quality without paying for OLED

Living with TCL's 8-series 4K TV: Quality without paying for OLED

View
Can Evernote make a comeback?

Can Evernote make a comeback?

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr