An iphone homescreen. Photo: Jaap Arriens/NurPhoto via Getty Images
AT&T, Sprint, T-Mobile and Verizon demoed a jointly developed prototype authentication app at the Mobile World Congress Conference on Wednesday, that uses customer behavior patterns to verify users identity.
Why it matters: While Project Verify may look similar to other apps that use a phone for authentication – Google Authenticator included – cell companies have access to a host of data that app designers, and even phone manufacturers, do not. If it works as intended, Project Verify is a significant step in mobile security.
"This is not just a better mousetrap," Johannes Jaskolski, general manager of the companies' joint Mobile Authentication Taskforce. "This is fundamentally different, using very unique signals."
The potential uses: The potential uses include replacing passwords for low security accounts or being paired with a password to bolster protection on more secure accounts. It could be used to protect logins from mobile devices, desktops or anything else.
The internals: Without collecting any information they already don't, phone companies already have access to SIM cards, detailed location data and other information that normal authentication apps do not. Phones allow apps from carriers special access.
The minutia: Though the four carriers worked together on the app, none of the authentication data is shared between companies – a hypothetical rogue employee at T-Mobile couldn’t access an AT&T customer's information.