Denys Rudyi - Fotolia

What is Project Verify and how will it affect IT?

Project Verify will enable mobile users to sign into apps and websites without login credentials. Discover what this might mean for IT and how it will work.

The details of Project Verify -- a secure, single sign-on service for mobile device users -- are hazy, but IT should know its implications.

Four major U.S. wireless carriers -- Verizon, AT&T, Sprint and T-Mobile -- are developing Project Verify, which was officially announced in September 2018 with few details about how it will work. With Project Verify, users can log into their favorite apps and websites without providing passwords or other login information.

How Project Verify will work

The service will validate users with device- and account-specific information that is already accessible to wireless carriers, such as the account's tenure and type; the device's phone number, IP address and location; and details from the SIM card. This information will provide a unique, verifiable methodology to identify users on a mobile app or website.

Project Verify will also offer users a mobile app on which they can choose which apps or websites they want to access using the Project Verify system. Users can also choose what information they will share; however, the extent of control that users will have is unclear.

With Project Verify, online retail organizations, for example, can make it easier for potential customers to start using their apps. It is unclear, however, how organizations can enroll their apps and websites with Project Verify to enable users to log in.

How Project Verify will affect IT

IT must decide how to handle users who won't participate in the Project Verify service. Many individuals do not trust wireless carriers enough to allow them to manage authentication information, especially given their histories of data breaches and information peddling.

If organizations sign up with Project Verify for devices that users access for work, IT may have to accommodate multiple authentication mechanisms to appease users that don't want the service. Or, IT could require that all users log in with Project Verify, and admins will just have to suffer the repercussions of some user dissatisfaction. Until the task force behind Project Verify releases more information, it is unclear what its implications might be.

Although Project Verify promises to make user authentication easier and potentially more secure, wireless carriers are facing an uphill battle when it comes to trust. Organizations and users will need concrete and regulated guarantees to convince them that the carriers are looking out for their best interests.

Dig Deeper on Mobile security

Unified Communications