For this scheme to work, consumers are going to have to trust that their mobile provider and the apps and the websites are going to keep their data secure. And that could be a tough sell, especially when the carriers have done a dismal job of it recently. Two recent examples of this are Securus Technologies, a mobile phone location tracking company that handed over customer location data to the police or LocationSmart, a data aggregator, with a demo-page that let anyone find real-time location data on about any American with a mobile phone.
It’s also not clear how Project Verify would deal with a stolen phone or is equipped to deal with SIM swapping, an increasingly popular scheme where the bad guys get control over a mobile number by pretending to be the real owner over the phone or at the retailer. Once they’ve got the number, all calls and texts go to the bad guy’s phone – including those pesky authentication messages your bank and other accounts send out.
There has been no mention of a European variant, but it seems unlikely that Project Verify would meet GDPR restrictions on collecting personal data. Project Verify is now in a private beta testing phase with an actual launch a year down the road. You can check out their website and watch a video on the project here. One would think that a authentication project would have an secure HTTPS website.
Until then, good luck remembering your passwords.