It has been proven time and time again that using SMS for two-factor authentication isn't very secure. While it's certainly better than having no 2FA at all, working around it only takes someone fooling a carrier into sending them a SIM card meant for you. Likely due to so many of these accidents occurring, all major US carriers began working to improve mobile 2FA last year.
The 'Mobile Authentication Taskforce' today revealed details about the upcoming platform. The explanation for how the service works is a wonderful mess of buzzwords and security terms:
"This highly secure solution will deliver a cryptographically verified phone number and profile data for users of authorized applications with their consent. Authentication security is strengthened by processing unique attributes such as a network verified mobile number, IP address, SIM card attributes, phone number tenure, phone account type and more. In addition, advanced analytics and machine learning capabilities will be used to help assess risk and protect customers."
In summary, users will be able to verify their phone numbers with third-party services in a secure manner, with roadblocks set in place to prevent common hijacking methods. For example, checking the IP address could keep illegally-obtained SIM cards from working with 2FA.
The carriers expect to begin testing the technology "over the next few weeks," with a full release to consumers coming by the end of 2018.
Today, the Mobile Authentication Taskforce, comprised of AT&T, Sprint, T-Mobile and Verizon, reveals product details of the next-generation mobile authentication platform at Mobile World Congress in Barcelona.
Formed last year to develop a mobile authentication solution to help protect enterprises and consumers from identity theft, bank fraud, fraudulent purchases and data theft, the Mobile Authentication Taskforce has dedicated resources developing a highly secure and trusted multi-factor authentication platform powered by the carrier networks. The taskforce vision includes interoperability with GSMA's Mobile Connect technology.
“As mobile becomes the remote control for day-to-day life, mobile identity is key to making things simpler and more secure for consumers,” said Alex Sinclair, Chief Technology Officer, GSMA. “The GSMA has been working with operators around the world to bring a consistent and interoperable, secure identity service and this taskforce will strengthen that effort by enabling a simple user experience quickly and conveniently in the US market.”
This highly secure solution will deliver a cryptographically verified phone number and profile data for users of authorized applications with their consent. Authentication security is strengthened by processing unique attributes such as a network verified mobile number, IP address, SIM card attributes, phone number tenure, phone account type and more. In addition, advanced analytics and machine learning capabilities will be used to help assess risk and protect customers.
Registered developers will be able to submit applications through a system using private and permissioned blockchain technology to help ensure application integrity. The U.S.-based carriers want the full power of collective network intelligence in the hands of consumers and businesses to help safeguard online and wireless experiences.
Over the next few weeks, the taskforce will begin internal trials to test the solution, with a goal of making the solution generally available to consumers by end-of-year. The taskforce will launch a website later this year enabling service providers to learn more about the solution and sign up to participate as an application developer.
AT&T Inc. (NYSE:T) helps millions around the globe connect with leading entertainment, business, mobile and high speed internet services. We have the nation’s largest and most reliable network** and the best global coverage of any U.S. wireless provider. We’re one of the world’s largest providers of pay TV. We have TV customers in the U.S. and 11 Latin American countries. More than 3 million companies, from small to large businesses around the globe, turn to AT&T for our highly secure smart solutions.
AT&T products and services are provided or offered by subsidiaries and affiliates of AT&T Inc. under the AT&T brand and not by AT&T Inc. Additional information about AT&T products and services is available at about.att.com. Follow our news on Twitter at @ATT, on Facebook at facebook.com/att and on YouTube at youtube.com/att.
© 2018 AT&T Intellectual Property. All rights reserved. AT&T, the Globe logo and other marks are trademarks and service marks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
**Coverage not avail. everywhere. Based on overall coverage in U.S. licensed/roaming areas. Reliability based on voice and data performance from independent 3rd party data.
Sprint (NYSE: S) is a communications services company that creates more and better ways to connect its customers to the things they care about most. Sprint served 54.6 million connections as of December 31, 2017 and is widely recognized for developing, engineering and deploying innovative technologies, including the first wireless 4G service from a national carrier in the United States; leading no-contract brands including Virgin Mobile USA, Boost Mobile, and Assurance Wireless; instant national and international push-to-talk capabilities; and a global Tier 1 Internet backbone. You can learn more and visit Sprint at www.sprint.com or www.facebook.com/sprint and www.twitter.com/sprint.
As America's Un-carrier, T-Mobile US, Inc. (NASDAQ: TMUS) is redefining the way consumers and businesses buy wireless services through leading product and service innovation. Our advanced nationwide 4G LTE network delivers outstanding wireless experiences to 72.6 million customers who are unwilling to compromise on quality and value. Based in Bellevue, Washington, T-Mobile US provides services through its subsidiaries and operates its flagship brands, T-Mobile and MetroPCS. For more information, please visit http://www.t-mobile.com.
Verizon Communications Inc. (NYSE, Nasdaq: VZ), headquartered in New York City, generated $126 billion in 2017 revenues. The company operates America’s most reliable wireless network and the nation’s premier all-fiber network, and delivers integrated solutions to businesses worldwide. Its Oath subsidiary reaches about one billion people around the world with a dynamic house of media and technology brands.