As a cloud native identity-as-a-service (IDaaS) solution, IBM Security Verify can continuously iterate to keep up with authentication standards, protocols, and trends in the market. Verify provides users wide authentication options like biometrics, QR codes or even FIDO2 hard tokens, along with social login options like Google, LinkedIn, Apple, or more region-specific providers. Some authentication options are seen by industry experts as more secure than others, particularly compared to dated MFA methods like knowledge questions or SMS one-time passwords (OTP). Verify delivers the flexibility to choose between a vast set of methods to fit user preferences or business requirements.
The Mobile Network Advantage
Verify has extended its authentication options by integrating with ZenKey, a joint venture founded by AT&T, T-Mobile, and Verizon. ZenKey relies on data derived from wireless carriers to verify users. It provides a highly secure way for online services to verify their customers’ identities when they login from a mobile device for registration, authentication, and transaction confirmation. Based upon OpenID Connect authentication protocol, ZenKey integrates the trusted security attributes of the Subscriber Identity Module (SIM) card with certain data derived from wireless carriers. Therefore, it is less susceptible to stolen credentials or SIM swap fraud. In addition, ZenKey offers trust signals that indicate if a SIM has recently changed. The result is a more secure network-based, multifactor authentication that does not rely on costly SMS OTP or email codes, while eliminating barriers for subscriber adoption and providing a higher rate of customer conversions.
ZenKey delivers a Mobile Network Advantage for both consumers and businesses:
- Consumers can quickly create accounts on websites and apps that use ZenKey and then later log in with one click. They can transact with confidence while enjoying a seamless authentication experience, even after getting a new phone.
- Businesses can help reduce vulnerability to malicious attacks using ZenKey’s on-demand fraud signals and indicators. The app easily integrates with existing applications and works with current identity management systems.
How Secure is ZenKey?
We can broadly classify the security assurance spectrum into four categories as shown below. The spectrum ranges from pure software-based solutions on the left (i.e. Google, Facebook, LinkedIn) through hardware secure elements on the right (i.e. Yubikey and Google Titan Key).
ZenKey provides a high level of security assurance starting with the security of the mobile Universal Integrated Circuited Card (UICC). The UICC is a tamper-resistant hardware computing platform with an independent operating system and applications. All modern SIM cards are based upon the UICC platform. ZenKey uses privileged, mobile platform-specific APIs to perform network attestations using the Extensible Authentication Protocol-Authentication and Key Agreement (EAP-AKA). It provides high assurance by extending the default mobile platform security with network-based EAP-AKA attestations. Therefore, existing mobile devices with modern SIM cards can provide high security assurance that is comparable to hardware-based security keys (4 below).
Integrating ZenKey with Verify
You can integrate ZenKey into your existing IBM Security Verify deployment by simply choosing it as an additional identity solution within the configuration options in the admin view. As an enterprise grade IDaaS, Verify as an identity provider can keep up with timely innovations in the authentication space. With this ZenKey/Verify integration, organizations can further bolster convenient and highly secure authentication options for external and internal users alike.
<< Learn more about ZenKey >>