Denys Rudyi - Fotolia
The details of Project Verify -- a secure, single sign-on service for mobile device users -- are hazy, but IT should know its implications.
Four major U.S. wireless carriers -- Verizon, AT&T, Sprint and T-Mobile -- are developing Project Verify, which was officially announced in September 2018 with few details about how it will work. With Project Verify, users can log into their favorite apps and websites without providing passwords or other login information.
How Project Verify will work
The service will validate users with device- and account-specific information that is already accessible to wireless carriers, such as the account's tenure and type; the device's phone number, IP address and location; and details from the SIM card. This information will provide a unique, verifiable methodology to identify users on a mobile app or website.
Project Verify will also offer users a mobile app on which they can choose which apps or websites they want to access using the Project Verify system. Users can also choose what information they will share; however, the extent of control that users will have is unclear.
With Project Verify, online retail organizations, for example, can make it easier for potential customers to start using their apps. It is unclear, however, how organizations can enroll their apps and websites with Project Verify to enable users to log in.
How Project Verify will affect IT
IT must decide how to handle users who won't participate in the Project Verify service. Many individuals do not trust wireless carriers enough to allow them to manage authentication information, especially given their histories of data breaches and information peddling.
If organizations sign up with Project Verify for devices that users access for work, IT may have to accommodate multiple authentication mechanisms to appease users that don't want the service. Or, IT could require that all users log in with Project Verify, and admins will just have to suffer the repercussions of some user dissatisfaction. Until the task force behind Project Verify releases more information, it is unclear what its implications might be.
Although Project Verify promises to make user authentication easier and potentially more secure, wireless carriers are facing an uphill battle when it comes to trust. Organizations and users will need concrete and regulated guarantees to convince them that the carriers are looking out for their best interests.
Dig Deeper on Mobile security
Related Q&A from Robert Sheldon
While there are plenty of viable enterprise-grade third-party desktop security platforms, Microsoft has built out a strong array of native features ... Continue Reading
It's important to consider current and future business needs when choosing a server to ensure you'll have adequate CPU, memory, storage and network ... Continue Reading
The average organization may not require military-grade security for its endpoint management platform, but IT pros should take note of which products... Continue Reading