Two-factor authentication via SMS and a smartphone provides a heavy dose of additional security for your data. But as the US government declared last year, it’s not without its flaws.
To fix that, the big four US mobile operators, Sprint, T-Mobile, Verizon and AT&T have formed a coalition called the Mobile Authentication Taskforce. To come up with a new system working with app. Developers and others they’ll explore the use of SIM card recognition, network-based authentication, geo-location, and other carrier-specific capabilities.
The idea is to fix current 2FA with systems. To reduce mobile identity risks by analyzing data and activity patterns on a mobile network to predict. With a high degree of certainty, whether the user is who they say they are, according to the news release.
Fraud and identity theft
Moreover, the problem with SMS authentication is that skilled hackers have successfully hijacked SMS codes in the past. Often simply by contacting the carrier and impersonating the victim.Further, it also falls apart if thieves grab your smartphone along with your PC. Can gain access to your phone via malware, or just steal a glance at a 2FA message on your lock screen.
Through strong collaboration, the taskforce announced today has the potential to create impactful benefits for US customers by helping to decrease fraud and identity theft, and increase trust in online transactions.
The system will be an open one that can work the four carriers and others. Working closely with the taskforce to ensure this solution is aligned and interoperable with solutions deployed by operators, said Alex Sinclair, CTO of mobile industry group GSMA.
Finally, the goal to improve 2FA security sounds like a noble one. But Congress, at the urging of carriers and ISPs. Recently eliminated certain customer privacy protection rules. As such, consumer protection groups have concerns about 2FA systems used by operators to track customers.
However, the new system is supposed to arrive for enterprises and customers in 2018, the group says. Meanwhile, if you’re still not using two-factor authentication SMS or otherwise you should be.