AT&T, Verizon, and T-Mobile’s passwordless future has slipped away

Originally announced as “Project Verify” in 2018, ZenKey was meant to be a single sign-on system, similar to the sign in with Google or Apple buttons that you see on various websites. The idea was that each carrier would offer an app that could verify your identity, then act as a pass whenever you went to log into a supported website or carry out something like a bank transfer. In theory, it could be more secure because it used data from your SIM card and location to make sure it was really you trying to log in.

It doesn’t seem like ZenKey got very far though, and now it’s mostly disappeared. LightReading reports that the website for it is down, AT&T stopped supporting it last year, and the “ZenKey powered by Verizon” app is no longer available in app stores (at least in the US). T-Mobile’s website seems to have almost no references to the system as far as Google can find, though there is one article from mid-2020 on its business site that mentions it.

To those who are familiar with the history of multi-carrier joint ventures, this outcome isn’t necessarily a surprise. LightReading called it when the service was announced in 2019, running the headline “Meet ZenKey: Telcos’ Doomed Single Sign-On Service.” The Verge’s Dieter Bohn called ZenKey “the right idea from the wrong companies” when he wrote about the Cross-Carrier Messaging Initiative that attempted to replace SMS with the then-burgeoning RCS. He based his opinion on past products like SoftCard, which aimed to compete with Google Wallet and Apple Pay. (It succeeded about as well as CCMI did, which is to say not at all — though it probably didn’t help that when it launched in 2013 it was called “ISIS,” a name that was about to mean something very bad to a lot of people).

In the end, the usefulness of a service like ZenKey is going to rely on how much third-party support it gets — even if your app is great, most people aren’t going to bother with it if they can only use it to log in to three or four sites. And why would developers add ZenKey to their sites when there are other options from the likes of Google, Apple, Amazon, and Meta, which all have their own single sign-on solution with accounts people already use? Those would also likely have much better brand recognition when a user hits a login page.

Case in point: here are all the sites and apps that worked with ZenKey in July 2022, according to a Wayback Machine archive of its now-defunct website:

A press release from late 2020 mentions that other companies like Proctorio and DocuSign had “plans to trial or go live” with support for the service, but it seems like that didn’t exactly work out.

Even if the cell carriers (predictably) weren’t able to get rid of passwords, I do hope that they eventually become a thing of the past. But getting rid of them will require a much harder push from a much bigger group; perhaps passkeys, a FIDO-powered passwordless authentication system pushed for by Apple, Google, Microsoft, and the like, will end up being the thing. But unless it becomes widely adopted (which isn’t exactly for sure), we’ll likely be stuck with the patchwork of successful single sign-on options, password managers, and scattered sticky notes we know we shouldn’t use but do anyhow.