The four major US mobile service providers – AT&T, Sprint, T-Mobile and Verizon will be integrating the total sign-on procedure for the smartphones. The project has been apparently called as Project Verify, using the authentication for the users to login without actually entering the passwords for the apps. The authentication process for different users can happen through varied touch points like phone number, SIM cards, IP address, and account tenure. The phone serves as a verification device that can be hard to be manipulated. The users will have complete control over the verify, and works as same as other services such as Gmail or Facebook. The user data or account authentication is used for accessing the services. Also, many of the apps also have to induct the feature of the user verification process, currently none of the third-party apps are inducted in the project.
The verify project will be helping the end users to find more secure and user-friendly solutions than passwords. However, many enterprises that are currently investing in the project are actually the same ones that are responsible for security flaws. SIM swapping attacks, privacy issues due to cookies, net- neutrality failure and surveillance issues have been due to infrastructure flaws of mobile service providers. A move towards the user-friendly security and authentication should open the identity control for the users.
How Good Is The Project Verify?
The major challenge for any password protected system is “low-security-passwords” a huge factor of account breaches. The current password management for the users is quite imprudent resulting in breaches, a number of users who are using a password manager to create and manage password is quite low. Many devices or product providers have implemented the Single Sign-on as an alternative for the multiple passwords. There are many examples of Single- Sign-in feature using the Google or Facebook account. In the project verify using the single sign-on, a user can authenticate like an OpenID in case of corporate servers. The user can log-in on different websites or app without registering with the new password and username single step verification can be used. Project Verify can also be used for multiple factor authentication functionality, replacing the legacy SMS and email methods.
Using the project verify the users will be able to choose from different mobile apps that can access the single authentication feature. The users will also have a choice for information sharing, however the control feature it still debated one. One-step access will benefit many services that will provide easy log-in without going through a long process of log-in and password.
Affecting the Infrastructure
Many of the users won’t participate in the project verify, due to many of them not trusting the service providers. The recent data breaches and information touting are ever increasing. If an enterprise accepts the project verify and implements it for the devices the process might require a longer application. A multi-factor authentication mechanism has to be used because the password development from the users is unreliable. Enterprise mobility will greatly benefit from the project verify keeps the management and access on a single level.
Currently, the project verify is still in the development stage and it won’t be fully implementable if other service providers and apps don’t accept the terms and conditions. Currently, the trust factor is the major obstacle that needs to be solved. The continuous data breaches on different websites that also support the single-signup have led to many users to adopt the old login methods. All network providers and different apps need to come together to define governance and regulate usage.