While many users still choose to eschew any type of multi-factor authentication to improve the security of their online accounts, U.S. cell phone carriers have been working on a new type of mobile authentication solution.
The four major carriers — AT&T, Sprint, T-Mobile, and Verizon — have dubbed themselves the Mobile Authentication Taskforce on this issue. A release from AT&T revealed the carriers will be conducting internal trials, testing the new solution over the next few weeks.
The taskforce claims it will “deliver a cryptographically verified phone number and profile data for users of authorized applications with their consent.” Authentication security will be strengthened through a “network verified mobile number, IP address, SIM card attributes, phone number tenure, phone account type and more.”
[We’ve written a number of articles about two-step/multi-factor authentication: read about How To Add Two-Step Authentication to popular online accounts, Apps To Use For Two-Factor Authentication, and Accessories For Secure Two-Factor Authentication, for the most security-inclined users who want to add a physical element to their sign-in.]
The carriers also plan to use advanced analytics and machine learning capabilities” to assess risk. Presumably, this will be used to increase security, though exact details are scarce.
Despite the announcement, there’s still a lot of vagueness about this possible solution. It’s unclear what it might look like, exactly how it will be implemented, and a longer timeline for consumer use is also unknown. However, the taskforce looks to set up a website about the solution later this year for service providers — conservatively, it seems like this solution is at least a year from making its way to consumers, and likely longer.
Ideally, this new solution would be a step up from two-step authentication and the current multi-factor authentication offerings. But that doesn’t mean users should ignore those current solutions.