The Mobile Authentication Taskforce, comprised of AT&T, Sprint, T-Mobile and Verizon, unveiled ZenKey at MWC LA
Heading into this year’s Mobile World Congress (MWC) Los Angeles, GSMA prioritized demonstrating its work with ZenKey, the Mobile Authentication Taskforce’s — comprised of AT&T, Sprint, T-Mobile and Verizon — mobile authentication platform.
“A few years ago, we developed Mobile Connect,” GSMA’s Head of North America Ana Tavares told RCR Wireless News, “which was a tech specification for identity, so that operators could launch identity in the same way across the world. We wanted it to be interoperable, and the idea was making usernames and passwords obsolete. Nobody likes them, they’re not very secure.”
About 70 operators have deployed ZenKey, which is in the Mobile Connect family and is interoperable with the rest of the world. “In the U.S., it takes the form of a mobile app, but you couldn’t do that in India for example,” Tavares explained. “In India, it would be USSD or SMS plus URL.”
Beyond the annoyance that passwords create for the consumer, user inability to remember their passwords actually costs service providers a lot of money. The process of resetting a forgotten password is not just a hassle for the user but is also expensive for the service provider when you consider the sheer number of automated emails and links that are sent out for all of the users who need to reset a password.
“They have to support the email traffic function. If it’s just one person, that’s fine. But that fact is that you have a very high percentage of users that forget their password. It’s probably very low cost per reset, but when you consider how big that number really is, there is a cost associated with it,” Tavares explained.
According to a press release, ZenKey also can provide added protection for service providers who want to keep passwords as one security factor but want a more secure second or third factor than SMS one-time-PINs. And by removing reliance on passwords as a primary identity authenticator, the platform also reduce fraud that occurs when a cybercriminal uses stolen login credentials to gain access to online accounts.
“Enhancing security often means adding steps or complicating processes. Conventional wisdom says heightened data security isn’t convenient, and that’s why it has seemed to be out of reach. ZenKey shows the industry it doesn’t have to be that way,” said Alex Sinclair, chief technology officer at GSMA in the same press release. “It simultaneously gives consumers ability to more securely direct the flow of their own data while making it easier to access mobile applications they’re already using.”
At MWC, Tavares commented, “So we thought, everyone knows their mobile number, so if you could just use your phone to be able to authenticate, that would work better.”
ZenKey hosted a booth at MWC LA, which allowed interested passersby to experience the application firsthand. When attempting to login to an application, the option to login with ZenKey appears as an additional option right next to the regular options, such as logging in with Facebook, Google or LinkedIn credentials. After selecting to login with ZenKey, the user is taken to the ZenKey application where they can see their security options.
“In one place, you can see all of the services you’re subscribed to, what kind of data you’re sharing with each one of them, and you can manage them. You can change permissions or resist access to your data. And you can set different levels of security depending on which application you’re trying to access and how secure you’d like it to be,” explained Tavares.
GSMA envisions a number of use cases for ZenKey, with perhaps a medication vending machine being one of the flashier examples. The vending machine, demonstrated a couple of years ago, would allow users to pick up medication after hours.
Tavares elaborated: “When you come to get the medication, there are a bunch of attributes that need to be verified. That information can be used through ZenKey. You don’t have to be typing it all over again. You can pre-fill forms with that information, and you can decide if you want to share that information because there are ways that they operator can use that information to verify you without turning in that information over, as well.”
“We are trying to change the paradigm and put the user in control of the data they’re sharing with a simple login solution that could be similar across every platform,” stated Tavares.