Carrier-Backed ZenKey Proposes Using Phones Instead Of Passwords
Passwords are the bane of security and having weak ones is almost as bad as having none. It could be even worse since it gives the semblance of security when, in fact, there isn't any at all. That's why the tech industry has been looking for alternatives, like two-factor authentication. US carriers, however, are taking it one step further and wants to completely replace passwords with your smartphone and, of course, your carrier.
ZenKey was actually introduced back in early 2018 under the name Project Verify. It was and still is supported and promoted by the four major carriers in the US, namely AT&T, Sprint, T-Mobile, and Verizon. Unsurprisingly, this new verification system puts carriers at the center, using information only they could posses to authenticate users.
Like two-factor authentication or 2FA, the idea behind ZenKey is to use something you always have on you, in this case your phone. Unlike 2FA, however, ZenKey actually stands in for passwords rather than being a second layer in addition to it. Also unlike your usual 2FA, it promises to use multi-factor information, ranging from your subscriber information to your IP address or, depending on the phone, even your fingerprint or face.
While it's certainly good that the industry is developing more secure alternatives to passwords that are also convenient, ZenKey might have a few obstacles to overcome before it gets widely accepted. For one, the reliance on the phone and only the phone is like putting all your eggs in one basket. Should ZenKey become popular, it could become a reason for an increase in smartphone theft.
ZenKey will also require the cooperation of apps and service providers. Not all of them may be too open in relying on carriers for such a critical system, especially when carriers have become notorious for their privacy policies when it comes to subscribers' information.