Four major US carriers — AT&T, Sprint, T-Mobile, and Verizon — are joining forces to launch a single sign-on service for smartphones. The service, called Project Verify, authenticates app logins so that users dont need to memorize passwords for all their apps. The companies say their solution verifies users through their phone number, phone account type, SIM card details, IP address, and account tenure. Essentially, your phone serves as the verification method with details that are hard to spoof. Users have to manually grant apps permission to use Verify, and it works similarly to how you might log into some services through Gmail or Facebook instead of using a unique account password. Of course, these apps also have to choose to work with Verify, and the program hasnt listed any partners or when it intends to launch. The service can serve as your two-factor authentication method, too, instead of an emailed or texted code that can be intercepted. Users might not be totally safe if their phone is stolen. The Verify program automatically logs users in, so long as they have access to their phones home screen and apps. Obviously, installing a PIN or other biometric data as your lock screens protection would keep attackers out of your phone, but assuming they passed through that point, its unclear how easily they could access all your apps. Certain apps can require additional verification methods beyond the Verify app, a spokesperson says. So a banking app, for example, could also require a PIN, biometric data, or behavioral data. If someone managed to gain access to your phones home screen, however, and the apps you use dont require any additional verification methods, someone could likely log into all your accounts. Single sign-on services are clearly convenient; fewer passwords is a great thing. Theyre also an alternative to installing a password manager on your phone, which would still require you to remember the password to the app. Still, if someone compromises your one account (or device in this case), everything else will follow, so it could introduce some security liabilities.
Project Verify may let you ditch your password manager for good. AT&T, Sprint, T-Mobile and Verizon have teamed up to create a single sign-on service that could mean you won't have to use a password manager or remember your ( hopefully strong) login credentials for every app on your phone. The carriers say Project Verify can authenticate your logins by confirming your identity using factors like your phone number, SIM card information, the type of phone account you have, IP address and how long you've had your plan. Once it's up and running, you'll be able to use the Project Verify app to log into services that have enabled it as an option. It can display your latest sign ins to each app, and you can revoke access for those you don't use anymore. The technology can also be used for two-factor authentication. It'd be difficult for a hacker to spoof all of the methods that Project Verify uses to establish your identity, so it seems somewhat secure. However, if someone were to steal your phone and were able to unlock the device, they could cause all kinds of chaos. Some apps could require additional login data like a PIN or your fingerprint, a spokesperson told The Verge -- that'd add an extra layer of security for services that handle your most sensitive information. But if the apps stick with the core version of Project Verify's login process and someone accesses your device, every service you use could be compromised. Verizon owns Engadget's parent company, Oath (formerly AOL). Rest assured, Verizon has no control over our coverage. Engadget remains editorially independent.