I don’t know about you, but I am not inclined to believe that my cell phone provider is the best company to protect my security, but they disagree. And who knows – maybe it could work.
The basis of Project Verify is that each cell phone has a unique fingerprint that allows the carrier to identify your phone and use that verification to log you in to your favorite (cooperating) web site.
They say that it verifies your identity using information from your SIM card, IP address and account tenure. They have not released the details yet of how it will work.
One thing that is concerning is that they say that consumers will be able to control the information that they share and consent to how it is used. It is unclear if that means that the cellular providers want to be the keeper of your data and doling it out appropriately. Maybe that is not the case – they have not said yet.
What is clear is that what we are doing today is not working. People pick easy to guess passwords (like Password or 12345678). They refuse to use two factor authentication because it involves a teeny, tiny bit more work.
So, if this really works it could be a big improvement.
But we do need to remember that hackers are already targeting – pretty successfully – cellular carriers and all this will do is make the cell provider an even bigger target.
Right now cell phone NUMBER theft is big business because if you steal someone’s number you will be able to get their text messages which is what you need to reset passwords.
But as I understand this system, the security is tied to the bits on the SIM card itself, so stealing the number won’t help anymore.
Information for this post came from The Verge.