Skip to main content

Major US carriers say they’re working on a more secure two-factor system

Major US carriers say they’re working on a more secure two-factor system

Share this story

Amelia Krales / The Verge

Verizon, AT&T, T-Mobile, and Sprint are now working together to develop a more secure solution for two-factor authentication.

The companies seem to be looking for a way to replace traditional text messages as the method for verifying whether someone is trying to log in to an online account. What they’ll replace it with is unclear, but the companies’ announcement seems to say they’ll have a solution ready sometime next year.

Two-factor authentication (sometimes called two-step verification, or something similar) is a security option that’s been offered by more and more websites over the past few years. It usually involves a website texting users a unique code every time they want to log in, requiring that person to have both their regular account password and access to their physical phone in order to get into their account.

At least, that’s how it’s supposed to work in theory. The trouble is, hackers are increasingly figuring out ways to intercept those codes, because SMS isn’t all that secure. That’s been known for a while, and today’s announcement suggests the big carriers are finally prepared to do something about it.

The companies say they’ll develop an “advanced mobile authentication solution” that will be able to analyze network activity patterns to tell “with a high degree of certainty” whether or not an account’s owner is really behind an action being taken. The group says they’ll take an “open approach” to developing their solution, working with app developers and other third parties for input.

There’s no guarantee that this will all work out as cleanly as the announcement seems to imply, with all the major carriers rolling out some easy, effective solution that becomes widely adopted next year. It’s rarely the case that the tech industry will widely get on board with one decision. Still, it’s a step toward addressing a security issue that’s flaws are increasingly evident.