Denys Rudyi - Fotolia
The details of Project Verify -- a secure, single sign-on service for mobile device users -- are hazy, but IT should know its implications.
Four major U.S. wireless carriers -- Verizon, AT&T, Sprint and T-Mobile -- are developing Project Verify, which was officially announced in September 2018 with few details about how it will work. With Project Verify, users can log into their favorite apps and websites without providing passwords or other login information.
How Project Verify will work
The service will validate users with device- and account-specific information that is already accessible to wireless carriers, such as the account's tenure and type; the device's phone number, IP address and location; and details from the SIM card. This information will provide a unique, verifiable methodology to identify users on a mobile app or website.
Project Verify will also offer users a mobile app on which they can choose which apps or websites they want to access using the Project Verify system. Users can also choose what information they will share; however, the extent of control that users will have is unclear.
With Project Verify, online retail organizations, for example, can make it easier for potential customers to start using their apps. It is unclear, however, how organizations can enroll their apps and websites with Project Verify to enable users to log in.
How Project Verify will affect IT
IT must decide how to handle users who won't participate in the Project Verify service. Many individuals do not trust wireless carriers enough to allow them to manage authentication information, especially given their histories of data breaches and information peddling.
If organizations sign up with Project Verify for devices that users access for work, IT may have to accommodate multiple authentication mechanisms to appease users that don't want the service. Or, IT could require that all users log in with Project Verify, and admins will just have to suffer the repercussions of some user dissatisfaction. Until the task force behind Project Verify releases more information, it is unclear what its implications might be.
Although Project Verify promises to make user authentication easier and potentially more secure, wireless carriers are facing an uphill battle when it comes to trust. Organizations and users will need concrete and regulated guarantees to convince them that the carriers are looking out for their best interests.
Dig Deeper on Enterprise mobile security
Related Q&A from Robert Sheldon
A strong mobile authentication strategy should include a biometric factor, and IT should consider implementing such a factor into a multifactor ... Continue Reading
A recently released CSI-compliant plugin from Kubernetes could help simplify the process of connecting containerized workloads with storage systems. Continue Reading
Most DaaS providers offer either session- or client-based desktops. Services differ in the OSes that providers support and the configuration options ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.