2FA is outdated, US carriers want next-gen mobile authentication

Traditional two-factor authentication via SMS on a smartphone has long been used as an extra layer of security. But time has shown that this feature is not flawless, as Facebook users recently witnessed when a system bug caused spam messages to be sent to two-factor authentication users.

Understanding the necessity for more reliable multi-factor authentication, US cell phone carriers have joined forces to create a next-gen mobile authentication platform.

Under the name Mobile Authentication Taskforce, AT&T, Sprint, T-Mobile and Verizon want to create new standards in mobile security with the help of analytics and machine learning to protect users from data theft, fraud and illegal purchases.

The multi-factor platform for both businesses and consumers will be tested in the coming weeks and a website for service providers will be available, the group announced at Mobile World Congress in Barcelona. By the end of the year, the group wants to make a “highly secure solution” available to consumers.

“As mobile becomes the remote control for day-to-day life, mobile identity is key to making things simpler and more secure for consumers,” said Alex Sinclair, Chief Technology Officer, GSMA. “The GSMA has been working with operators around the world to bring a consistent and interoperable, secure identity service and this taskforce will strengthen that effort by enabling a simple user experience quickly and conveniently in the US market.”

Through multi-factor authentication, the carriers want to “reduce mobile identity risks by analyzing data and activity patterns on a mobile network to predict, with a high degree of certainty, whether the user is who they say they are.” Applications will receive a cryptographically verified phone number and user profile data only with the user’s consent. To ensure security and efficiency, a high number of authentication factors will be taken into account, for example IP address, SIM card and network authentication.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Luana Pascu.