An Antidote to Password Pain

US carriers launch ZenKey for a smooth authentication experience

According to the organization tasked with creating the ZenKey authentication technique, the average mobile user has to manage 92 passwords. That might seem like a worst-case number, but even having just a dozen or so different login details is like juggling chainsaws: it’s getting hazardous.

We first wrote about the ZenKey initiative a year ago, when major US wireless carriers started a collaboration to offer a smoother and more secure mobile web experience (see US Carriers Team Up to Axe Passwords). Last week, two years after it was conceptualized by the Mobile Authentication Taskforce, ZenKey went live. The new identity solution is looking to replace somewhat cumbersome and not-quite-bulletproof authentication methods such as single-use codes sent over text messages.

ZenKey claims to have a unique advantage as it’s a network-based identity solution that uses data provided by wireless carriers to authenticate users. It verifies a customer’s identity with a combination of signals that wireless networks rely on every day. The service also promises users easy access to apps and websites when they sign in with ZenKey, providing highly secure registration, authentication and transaction confirmation.

ZenKey requires users to have an Android or iOS smartphone ― this is becoming the norm; businesses and municipalities in most advanced countries are developing systems with the knowledge that a smartphone is almost always at hand. To get the service up and running, users download the ZenKey app from the Google Play Store or Apple App Store, and create an account by setting a username and, of course, a password. ZenKey recognizes the user’s phone number and allows them to associate biometrics with their ZenKey account. The platform then helps eliminate the need to remember, manage or update dozens of credentials, while providing fraud protection (this video demonstrates how the tool works).

The aim of the initiative is to get web brands and services to integrate with ZenKey technology, and solve the hassle of multiple passwords and one-time authentication. In addition to mobile phones, the platform also works on trusted laptops and tablets that the account holder chooses to link with the ZenKey app.

For now, ZenKey authentication is only supported by a couple of mobile apps ― LiveXLive and Verizon My Fios ― in addition to websites including AT&T and DirecTV. DocuSign, Envisible, FilesAnywhere, Global Grid for Learning and Proctorio are getting their sites to work with the solution.

Of course, ZenKey isn’t the only solution available, and other companies, in particular Apple, have been trying to position themselves as custodians of people’s digital identities. It’s understandable that carriers would prefer to have control of this very personal relationship with their customers instead of ceding control to third parties, and we expect this battle to play out for some time.

Operators and web service providers have been searching for the secret ingredient for seamless and secure digital authentication since the beginning of the Internet. For ZenKey to truly succeed, it needs to offer an attractive reason for people to use it, and to trust their wireless service providers, rather than another trusted brand, to be the point of authentication.