Originally announced as “Project Verify” in 2018, ZenKey was meant to be a single sign-on system, similar to the Google or Apple button login you see on various websites. The idea was that each carrier would offer an app that could verify your identity and then act as a pass whenever you logged into a supported website or made something like a bank transfer. In theory, it could be more secure because it uses data from your SIM card and your location to ensure that it is really you who is trying to connect.
It doesn’t look like ZenKey got very far, and now it’s almost gone. light reading reports that the corresponding website is down, AT&T stopped supporting it last year, and the “ZenKey powered by Verizon” app is no longer available in app stores (at least in the US ). T-Mobile’s website appears to have almost no reference to the system as far as Google can find it, although there is a mid-2020 article on its business site that mentions it.
For those familiar with the history of multi-operator joint ventures, this result is not necessarily a surprise. light reading called it when announcing the service in 2019, under the title “Meet ZenKey: Telcos’ Doomed Single Sign-On Service”. The edgeDieter Bohn called ZenKey “the good idea from bad companies” when he wrote about the Cross-Carrier Messaging Initiative which was trying to replace SMS with the then burgeoning RCS. He based his opinion on past products like SoftCard, which aimed to compete with Google Wallet and Apple Pay. (It did about as well as CCMI, i.e. not at all – although it probably didn’t help that when it launched in 2013 it was called “ISIS”, a name that was about to mean something very bad to a lot of people).
Ultimately, the usefulness of a service like ZenKey is going to depend on how much third-party support it gets – even if your app is great, most people aren’t going to care if they can’t. use it only to connect to three or four sites. And why would developers add ZenKey to their sites when there are other options like Google, Apple, Amazon, and Meta, all of which have their own single sign-on solution with accounts people already use? These would also likely have much better brand recognition when a user lands on a login page.
Example: Here are all the sites and apps that worked with ZenKey in July 2022, according to a Wayback Machine archive of its now-defunct website:
A late 2020 press release mentions that other companies like Proctorio and DocuSign had “plans to test or go live” with the service’s support, but it doesn’t seem like it really worked out.
Even though cellphone carriers (predictably) haven’t been able to get rid of passwords, hopefully they will be a thing of the past. But getting rid of them will require a much harder push from a much larger group; maybe Passkeys, a FIDO-powered passwordless authentication system pushed by Apple, Google, Microsoft, etc., will end up being the thing. But unless it’s widely adopted (which isn’t exactly sure), we’ll likely be stuck with the patchwork of successful single sign-on options, password managers, and sparse sticky notes we know we shouldn’t use but need to do anyway.
