Verizon, AT&T, and T-Mobile come together to launch the ZenKey password authentication tool
Wouldn’t it be nice if passwords simply didn’t exist? Some companies like Google are moving away from them, but it’ll take a seismic shift in the industry to get more people and services on board. It’s a future envisioned by a new initiative known as ZenKey, a collaboration between Verizon, AT&T and T-Mobile.
Essentially, ZenKey is like one of those “Sign in with” buttons you often see on websites, but there’s a little more security behind ZenKey’s process. The service uses multi-factor authentication when someone tries to sign in, including a user’s phone number, SIM card details, account tenure, phone account type, and user credentials.
You’ll need to download your carrier’s ZenKey app and then setup a PIN or provide biometric authentication before you begin. As of now, only a few apps and services support the service, including mobile apps for LiveXLive and Verizon My Fios. Websites for AT&T TV, DIRECTV, myAT&T, and AT&T Now also support ZenKey sign in.
In the initial setup, your phone and carrier is verified and your carrier is notified of registration. To register with an app or website that supports ZenKey, your wireless carrier will pass along the information that you choose to share. Then, once you try to login using the green “Sign in with ZenKey” button, a confirmation request is sent to your wireless carrier to verify your device and check for suspicious activity. Once your carrier confirms that you’re trying to sign in, it’ll send validation, automatically logging you in. A similar system has been setup for making transactions, like in a banking app. Your wireless carrier will confirm that you’re giving consent and then ask you to confirm the transaction.
Notably, ZenKey will allow users to control what personal information is shared with apps and accounts, such as name, phone number, and email. Apple’s “Sign in with Apple” offers similar privacy controls, allowing users to hide their email and prevent tracking.
ZenKey’s premise is interesting and could potentially be a lot more secure than the traditional password and SMS authentication, the former of which is often exposed as part of security breaches and the latter of which is often hijacked via social engineering SIM-jacking methods. But until ZenKey is widely supported by services and apps, there’s not much incentive to use it. The service does promise, however, that more apps and websites are in the process of integrating ZenKey, with plans to trial or go live in the coming months.
If you’re interested in trying ZenKey, here’s the user guide.