Mobile security

Meet ZenKey: Telcos' Doomed Single Sign-On Service

The nation's four big wireless network operators are planning to unveil ZenKey, a password-saving service, at this month's big Mobile World Congress Americas trade show in Los Angeles. From the looks of things, it's poised to be the next Isis.

No, I don't mean it will be the next Iraqi terrorist organization. I mean it's a big joint venture among the nation's wireless network operators that's almost definitely going to fail, like the mobile payments joint venture among Sprint, AT&T, T-Mobile and Verizon that launched under the unfortunate brand "Isis" in 2010. Isis, by the way, rebranded itself as "Softcard" in 2014 -- right before Google purchased it and folded it into its Google Wallet service (which is now called Google Pay).

There's a good chance ZenKey will follow a similar trajectory. In fact, it's already traveled through several different names like Isis/Softcard/Google Wallet/Google Pay did. It initially sprung from the GSMA's "Mobile Connect" program for digital authentication and was called the "Mobile Authentication Taskforce" in 2017 before the operators rebranded it into "Project Verify" earlier this year. And now, just a few months later, it's called ZenKey.

However, it looks like it's only a year behind schedule (it was initially supposed to launch in 2018) so there's that.

On the plus side, ZenKey is attempting to solve an actual problem: too many passwords. Basically what the four big US wireless network operators want is for Amazon, Dropbox, Spotify, Netflix and other online services to use ZenKey instead of their own login and password systems. From a customer standpoint that would be nice -- you wouldn't have to remember a hundred different passwords -- and the mobile operators argue it's more secure because they have data on your location and your phone's SIM card (which is not creepy at all). But I have my doubts that companies like Spotify will use ZenKey because, as any publisher can tell you, you should never trust your subscriber database to a third party. Have I mentioned that you should sign up for Light Reading's newsletters with your email address and password?

That said, ZenKey is going to go up against some absolute giants in the space like Google and Facebook, which have been offering their own "single sign-on" (SSO) services for years (that's why you can click on the "sign in with Facebook" button on websites like Pinterest). And it's also going to have to compete with new entrants like Apple, which recently announced its own "sign in with Apple" service.

Single Sign-Ons
(Source: ZenKey)
(Source: ZenKey)

Let's see... Should I sign in with a service I've never heard of (ZenKey) or one that has made customer privacy a cornerstone of its business? (I'm talking about Apple here, by the way, not Facebook, which has made selling customers' information a cornerstone of its business.)

If history is any indication (think Isis, or SMS or app stores or streaming music, the list goes on) there's a good chance ZenKey is eventually going to be consumed, or subsumed by FANG (Facebook, Apple, Netflix, Google -- meaning, the world's big Internet companies). The only real question is when and how.

Mike Dano, Editorial Director, 5G & Mobile Strategies, Light Reading | @mikeddano

Mike Dano 10/3/2019 | 5:45:05 PM
Update I updated the story to remove the last sentence, which was from another story and somehow snuck into this one. Doh.
HardenStance 10/2/2019 | 12:35:02 PM
Doomed? Nice piece, Mike.

Inclinded to agree with much of your analysis. 

Two comments:

1) It's not obvious to me that the carriers themselves would necessarily disagree with you. By that I mean there's every chance they have no illusion of overhauling FANG with this iteration but rather view it as a means of testing the waters, learning the boundaries of their own limitations, and generally keeping some 'skin in the game' in SSO.

2) If I've understood your 5G point correctly, I agree with you. With the cost and capacity that 5G will provide  (with extensive coverage), and with the growing demand for frictionless wireless connectivity at home, on the employer's premises and on the premises of customers, partners, and suppliers, as well as coffee shops, airports etc, persistent 5G connectivity will become an important competitive weapon for telcos. There are opportunities to layer SSO of some kind on top of that - whether that's ZenKey or something else.
Sign In