It has been proven time and time again that using SMS for two-factor authentication isn't very secure. While it's certainly better than having no 2FA at all, working around it only takes someone fooling a carrier into sending them a SIM card meant for you. Likely due to so many of these accidents occurring, all major US carriers began working to improve mobile 2FA last year.

The 'Mobile Authentication Taskforce' today revealed details about the upcoming platform. The explanation for how the service works is a wonderful mess of buzzwords and security terms:

"This highly secure solution will deliver a cryptographically verified phone number and profile data for users of authorized applications with their consent. Authentication security is strengthened by processing unique attributes such as a network verified mobile number, IP address, SIM card attributes, phone number tenure, phone account type and more. In addition, advanced analytics and machine learning capabilities will be used to help assess risk and protect customers."

In summary, users will be able to verify their phone numbers with third-party services in a secure manner, with roadblocks set in place to prevent common hijacking methods. For example, checking the IP address could keep illegally-obtained SIM cards from working with 2FA.

The carriers expect to begin testing the technology "over the next few weeks," with a full release to consumers coming by the end of 2018.

PRESS RELEASE