Slashdot Mirror
US Carriers Introduce Project Verify To Replace Individual App Passwords (theverge.com)
Four major US carriers -- AT&T, Sprint, T-Mobile, and Verizon -- are joining forces to launch a single sign-on service for smartphones. From a report: The service, called Project Verify, authenticates app logins so that users don't need to memorize passwords for all their apps. The companies say their solution verifies users through their phone number, phone account type, SIM card details, IP address, and account tenure. Essentially, your phone serves as the verification method with details that are hard to spoof. Users have to manually grant apps permission to use Verify, and it works similarly to how you might log into some services through Gmail or Facebook instead of using a unique account password. Of course, these apps also have to choose to work with Verify, and the program hasn't listed any partners or when it intends to launch. The service can serve as your two-factor authentication method, too, instead of an emailed or texted code that can be intercepted. Users might not be totally safe if their phone is stolen. The Verify program automatically logs users in, so long as they have access to their phone's home screen and apps. More details on Krebs on Security blog.
The moment US mobile carriers are able to positively identify individuals by their mobile devices is the moment they resell user data to advertising affiliates.
blog
Oh, hell no ... because somehow there is the assumption you should be trusting the assholes at a cell carrier.
No, sorry, you don't get to be the gatekeeper for my authentication.
Sorry, they're just trying to grab more control, and there is no way that should happen.
With this, they could login to any account they want, because they pretty much have everything they need to.
And, I'm sure they'd never do anything like access your account for marketing purposes ... nosiree.
This is just a bit fat 'nope'.