Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

MacRumors

macrumors bot
Original poster
Apr 12, 2001
54,972
17,355



Last September, AT&T, Verizon, Sprint, and T-Mobile announced a team-up with the mission of developing a mobile authentication solution for both businesses and consumers. One of the main reasons the carriers created the "Mobile Authentication Taskforce" was to help users who have to manage "dozens of difficult-to-remember passwords" for numerous apps.

Today at Mobile World Congress, the taskforce has revealed more details about its upcoming platform, and set a launch date for later in 2018. AT&T said the solution will create a cryptographically verified phone number and "unique profile" that's specific to the user's smartphone or tablet, strengthened by processing attributes such as a network verified mobile number, IP address, SIM card attributes, phone number tenure, phone account type, and more. The solution will only work with apps authorized by the taskforce, and at the consent of the user.

carrier-mobile-taskforce.jpg

The companies' combined resources will further analyze data and activity patterns on a mobile network to predict, "with a high degree of certainty," whether the user is who they say they are.
Formed last year to develop a mobile authentication solution to help protect enterprises and consumers from identity theft, bank fraud, fraudulent purchases and data theft, the Mobile Authentication Taskforce has dedicated resources developing a highly secure and trusted multi-factor authentication platform powered by the carrier networks. The taskforce vision includes interoperability with GSMA's Mobile Connect technology.
To confirm a user's identity and allow them entry into their own secure data, the solution will also use machine learning, advanced analytics, and run a risk assessment engine with AI to confirm that all of this data matches -- or doesn't match -- the main user's identity. VentureBeat reported that the Mobile Authentication Taskforce's platform is expected to be "simpler and more secure" than current heavy-duty password and data protection solutions, like two-factor authentication.

According to the GSM Association, which represents the interests of mobile operators worldwide, the solution will not only provide mobile device owners with an easier way to manage passwords, but also help to "decrease fraud and identity theft, and increase trust in online transactions." With the four largest U.S. network carriers working together, AT&T said that the taskforce will bring "significant capabilities and insights" to build a modern security and identity protection system.
"As mobile becomes the remote control for day-to-day life, mobile identity is key to making things simpler and more secure for consumers," said Alex Sinclair, Chief Technology Officer, GSMA. "The GSMA has been working with operators around the world to bring a consistent and interoperable, secure identity service and this taskforce will strengthen that effort by enabling a simple user experience quickly and conveniently in the US market."
Ahead of the launch, registered developers will be able to submit to the taskforce and begin ensuring that their applications will be compatible with the new mobile authentication platform. This submission process itself will be highly secure as well, using "private and permissioned blockchain technology to help ensure application integrity."

Developers and other service providers will be able to sign up to participate as an application developer when the taskforce's website launches "later this year," and in the next few weeks internal trials of the system will begin.

Article Link: AT&T, Sprint, T-Mobile, and Verizon Detail Plans for 'Next-Generation Mobile Authentication Platform'
 

mcdspncr

macrumors regular
Jul 2, 2011
159
198
Not sure I fully understand all the tech involved in this, but there’s no way I’m letting the carriers have my passwords.

Also, ironic name for the taskforce - MAT, as in what we’ll feel like when the carriers and NSA walk all over our rights to privacy.
 

Xavier

Contributor
Mar 23, 2006
2,664
1,261
Columbus
It seems like a way for carriers to collect user information under the guise of security. Cue a new standard verizon/att app on your phone, preinstalled?

"The solution will only work with apps authorized by the taskforce, and at the consent of the user."
 

elvisimprsntr

macrumors 6502a
Jul 17, 2013
544
745
Florida
"The solution will only work with apps authorized by the taskforce, and at the consent of the user."

Follow the money, people. Meaning a way to track a customer and sell data and advertising to the highest bidder, or to get into the mobile payments game for a small transaction fee.
 

coumerelli

macrumors 6502
Apr 7, 2003
310
123
state of confusion.
Not sure I fully understand all the tech involved in this, but there’s no way I’m letting the carriers have my passwords.

Also, ironic name for the taskforce - MAT, as in what we’ll feel like when the carriers and NSA walk all over our rights to privacy.

It seems like a way for carriers to collect user information under the guise of security. Cue a new standard verizon/att app on your phone, preinstalled?

"The solution will only work with apps authorized by the taskforce, and at the consent of the user."

I don’t read it this way at all. The solution replaces multi factor authentication by using analytics of my phone and use. If I’m at home going about my day, but “I” try to log in to one of these authenticated apps/services several hundred or even thousands of miles away, the login will fail for the imposter. Yet I’ll still carry on normally - without the burden of mutifactor authentication. No passwords are given to carriers here.
 
  • Like
Reactions: topgunn and jecowa

DaveOP

macrumors 68000
May 29, 2011
1,536
2,209
Portland, OR
Not sure I fully understand all the tech involved in this, but there’s no way I’m letting the carriers have my passwords.

Also, ironic name for the taskforce - MAT, as in what we’ll feel like when the carriers and NSA walk all over our rights to privacy.
I laughed out loud, well played sir. I agree, I don't need the carriers trying to save passwords for me. I really hope this is opt-in, or can be opted out.
 

avanpelt

macrumors 68030
Jun 2, 2010
2,940
3,843
All I want from my mobile carrier right now is for them to be able to detect when caller ID has been spoofed to be the same area code and prefix as my cell number and then prevent that call from reaching my phone. That nonsense has gone on long enough.
 

now i see it

macrumors 604
Jan 2, 2002
7,960
15,729
The end game (if someone is naive enough to jump on board with this scheme) is carrier lock in and control. Good luck switching to T-Mobile (for example) when all your passwords are stored over at AT&T. This scheme is not to help the customers. It's to empower the providers. Same old story since forever.
 

Xavier

Contributor
Mar 23, 2006
2,664
1,261
Columbus
I don’t read it this way at all. The solution replaces multi factor authentication by using analytics of my phone and use. If I’m at home going about my day, but “I” try to log in to one of these authenticated apps/services several hundred or even thousands of miles away, the login will fail for the imposter. Yet I’ll still carry on normally - without the burden of mutifactor authentication. No passwords are given to carriers here.

Ah, so it could be that approved apps are now using a sort of tokenized credential, specific per device, to login. So no passwords necessarily, but an identification code that would be hard to steal.

It doesn't change that by opting in, you are granting access to your device.
 

nt5672

macrumors 68020
Jun 30, 2007
2,409
5,149
I don't wan't anyone running some algorithm which determines who I am. I know who I am and if I supply the correct password then I want my access. My password security, is my responsibility. Now I know if you are a millennial, then taking responsibility is hearsay when it can be done for you for free, so just call me old fashioned.

Now, if they want to make generating public and private keys more user friendly, and allow them instead of insecure passwords, then as long as I can change them anytime, I am all for it. But security is my responsibility and I am not handing that off to some carrier, who we know from experience, does not have my privacy or security in any of their priorities.
 
  • Like
Reactions: Avieshek

jecowa

macrumors regular
Mar 15, 2006
178
245
All I want from my mobile carrier right now is for them to be able to detect when caller ID has been spoofed to be the same area code and prefix as my cell number and then prevent that call from reaching my phone. That nonsense has gone on long enough.

I think a lot of times they are actually using a VOIP phone provider to rent access to a phone number in your area. Try looking up some of the numbers that call you on maybe http://freecarrierlookup.com/
 

collegitdept

macrumors regular
Nov 17, 2009
109
39
Thanks Apple!

Because of your asinine privacy policy - that's now becoming an illogical ideology *and* excuse for poor product/services - iOS users lack a proper identity management platform, and are forced to expose our data to more risk, less security, and less privacy - with 2 consequences:

1. Use simple passwords and reuse the same password everywhere
2. forced to rely on Google Single-Sign-on, Amazon ID, Facebook ID, or now their mobile carriers


Same for no system-level iOS SPAM call filters:
1. live with it and suffer
2. force to use an inferior and fragmented solution (giving others our data) from risky 3rd party apps, or carrier specific service
 
  • Like
Reactions: rbrian and Avieshek

AxiomaticRubric

macrumors 6502a
Sep 24, 2010
820
961
On Mars, Praising the Omnissiah
Sooooooo if I do something completely random using their apps:

"This is a courtesy message from Mobile Authentication Taskforce. Your mobile device has been disabled. Please tap here to contact a customer service representative and verify your identity."
 
  • Like
Reactions: Shirasaki

topgunn

macrumors 68000
Nov 5, 2004
1,523
1,881
Houston
I don’t read it this way at all. The solution replaces multi factor authentication by using analytics of my phone and use. If I’m at home going about my day, but “I” try to log in to one of these authenticated apps/services several hundred or even thousands of miles away, the login will fail for the imposter. Yet I’ll still carry on normally - without the burden of mutifactor authentication. No passwords are given to carriers here.
I agree. There seems to be a lot of FUD in these comments. This isn't using AT&T in the place of LastPass.

Many of us already use our phones as a method of multi-factor authentication. This seems to me to be the next iteration of that only easier to use and more secure for the end user.
 

collegitdept

macrumors regular
Nov 17, 2009
109
39
This is exactly it. And the reason they're doing it, is because Apple refuses. And identity management on iOS is a really big sore spot.





I agree. There seems to be a lot of FUD in these comments. This isn't using AT&T in the place of LastPass.

Many of us already use our phones as a method of multi-factor authentication. This seems to me to be the next iteration of that only easier to use and more secure for the end user.
 

Crow_Servo

macrumors 6502a
Feb 17, 2018
534
484
America
Don’t forget, this might combat fraud within the carriers too. Reducing fraud saves the carriers money. That could be one of the motivations behind this idea.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.