AT&T, Sprint, T-Mobile and Verizon join forces to develop secure two-factor system

Shawn Knight

Posts: 14,135   +154
Staff member

The nation’s top four wireless carriers may hate each other but they’re showing a willingness to work together in the name of security.

AT&T, Sprint, T-Mobile and Verizon on Friday announced the creation of the Mobile Authentication Taskforce. Each company will put forth resources needed to develop an advanced mobile authentication solution designed to help reduce mobile identity risks.

Or, in other words, they want to create a better two-factor authentication system.

Two-factor authentication is one of the best lines of defenses against account and identity theft but it’s not perfect. Determined hackers are able to social engineer their way into accounts and even intercept SMS-based two-factor verification codes.

The carriers didn’t reveal specifics but said their solution aims to analyze data and activity patters on mobile networks to predict whether a user is who they say they are. The goal is to have a solution ready for enterprises and customers in 2018.

Alex Sinclair, chief technology officer with the GSM Association, said that at a time when online and digital services are commonplace, security and authentication are issues that affect us all. The taskforce announced today, he added, has the potential to create impactful benefits for customers by helping to decrease fraud and identity theft, and increase trust in online transactions.

Sinclair noted that they will be working closely with the taskforce to ensure the authentication method is aligned and interoperable with solutions deployed by operators.

Permalink to story.


Uncle Al

Posts: 8,752   +7,668
Those are the alliances that usually build the best systems ... if they can turn their competitiveness towards the common goal and avoid it becoming a back biting contest .... we can only hope!


Posts: 739   +570
There's many types of Two-factor authentication these days but using Authy (or a similar app) to generate codes really can't be beat. I don't understand why anything more is needed. It's up to websites and services to require better types of two-factor authentication and not just allow anything such as an insecure message to sms.