AT&T, Verizon, and T-Mobile’s password-free future is gone.


Originally announced as “Project Verify” in 2018, ZenKey was meant to be a single sign-on system similar to logging in with the Google or Apple buttons found on various websites. The idea was that each carrier would provide an app that could verify your identity, then act as your pass whenever you logged into a supported website or performed an action such as making a bank transfer. In theory, this could be more secure, as it uses the SIM card’s data and location to verify that it’s actually the person trying to log in.

But ZenKey doesn’t seem to have advanced much, and it’s mostly gone now. light reading The website for it is down, AT&T stopped supporting it last year, and the “Verizon powered by ZenKey” app is no longer available on the App Store (at least in the US). T-Mobile’s website appears to contain very little mention of the system, as far as Google can find it, but the business site has one article from mid-2020 mentioning it.

For those familiar with the history of multi-airline joint ventures, these results aren’t necessarily surprising. light reading When the service was announced in 2019, it was called “Meet ZenKey: Telcos’ Doomed Single Sign-On Service.” The Vergewrote about the Cross-Carrier Messaging Initiative, which attempted to replace SMS with the then-burgeoning RCS, calling ZenKey “the right idea from the wrong company”. He based his comments on past products such as SoftCard, which aims to compete with Google Wallet and Apple Pay. (It was as successful as CCMI was, i.e. it wasn’t at all. Perhaps it didn’t help that it was called “ISIS” when it started in 2013. Many people).

In the end, the usefulness of a service like ZenKey depends on how much third-party support you get. Even if your app is great, most people won’t care if it can only be used for logs. on 3-4 sites. There are other options like Google, Apple, Amazon, and Meta, all of which have their own single sign-on (SSO) solutions with accounts people already use, so why would a developer add ZenKey to their site? You can also have much better brand awareness when users hit the login page.

Case in point: here are all the sites and apps that worked with ZenKey in July 2022, according to the Wayback Machine archives of now-defunct websites:

Realistically, how many services would a person sign up for?
Image: ZenKey via The Wayback Machine

A press release from late 2020 mentioned that other companies like Proctorio and DocuSign had “plans to either go pre-release or go live” with service support, but that didn’t seem to work.

Even if your mobile carrier can’t (predictably) remove your passwords, we hope that eventually passwords will be a thing of the past. But removing them would require a much stronger push from a much larger group. Perhaps Passkey, a FIDO-based passwordless authentication system promoted by Apple, Google, Microsoft, and others, will eventually become the thing. But unless it’s widely adopted (I can’t know for sure), you’re likely stuck in a patchwork of successful single sign-on options, password managers, and scattered sticky notes that you know you shouldn’t use but somehow should. .

Leave a Comment