ZenKey, Is This The End For Passwords?
Nothing is more frustrating than trying to remember all your passwords. For cyber security puposes we preach about not using the same pasword on multiple sites. So now you have a hundred passwords that contain upper case, lower case special symbols and numbers. Password managers help but it is still a hassle. Especially if you are not using you own device to login somewhere. Can ZenKey change all this?
America’s biggest mobile service providers, AT&T, Sprint, T-Mobile US, and Verizon Wireless have joined forces to bring about a new authentication system intended to manage your logins without a password.
Originally announced last September under the name of Project Verify ZenKey works just like any other single sign-on service (SSO). This includes those from Google, Facebook, Twitter, and most recently Apple. It allows the user to approve login requests from other websites and apps on a device you own, you guessed it, your cell phone. Thus, no more passwords?
Online authentication is the product of one or more of three factors. A password or your location is something you know. A cell phone or other device is something you have. And your fingerprint, your face or even your retina is something you are. Known as a biometric. Two factor authentication and passwordless systems uses two of the three factors to replace your password.
Your identify is verified through a multi-factor profile linked to your mobile device. It takes into account the subscriber information from your cell service, including IP address, SIM card details, phone number, phone account type, and your fingerprint or face.
There are still some questions that need to be answered. Will major online businesses and services be on board with ZenKey? This includes banks, social media, retail, utilities, and pretty much everyone else. If industry does not buy in to the ZenKey SSO this thing is dead in the water.
ZenKey has some advantages against other SSO systems. ZenKey claims to allow users full control over the information that’s required to sign-up for each service. They can choose to “opt out at any time to stop sharing that information.”
But there is another question we have to answer when it comes to ZenKey. Can we trust our wireless carriers?
Last year, if you remember, all the four carriers, AT&T, Sprint, T-Mobile and Verizon, were caught red handed leaking the locations of customer phones in the U.S. with an accuracy of within a few hundred yards. After being busted selling location data the companies agreed to stop selling their customers’ location information to third-party data brokers.
There is also the potential for SIM swapping attacks. SIM swapping is a social engineering attack carried out by cybercriminals to trick phone carriers into transferring their victims’ cell services to a SIM card under their control. If someone can get your number swapped, they could potentially access your online accounts too.
ZenKey just might work but there is already a competitor with clout in the game. Apple is touting its privacy efforts with “Sign in with Apple.”
Now You Know