Industry Blog

Seamless sign-ins: Adding SMARTS to passwords

By John Giere, President and CEO | Aman Brar, VP, SDM Product & Global Business Development

 I credit my friend and well-regarded wireless industry analyst Mark Lowenstein for inspiring this blog.

Mark recently published a survey after he polled his friends and business colleagues on what real-world everyday problems they would like tech companies to solve. The results from his poll can be found here.  The second ranked problem on his top ten list is ‘A Simplified Log-in and Password Regime”.

We all have some element of dislike of the present “log-in and password regime” for the simple reason that it is so darn hard to remember all the usernames and passwords without using Post-it notes or scraps of paper!  Content and application providers don’t like the “regime” either. Customers often forget them, call up to reset passwords and in turn create added costs and disruption to the service flow.

As if that was not enough, the password based system creates a significant security risk for providers as they can be hacked, phished or stolen — just ask Yahoo! The irony of all this is that the password based user authentication system is on the rise. A recent study found that the number of online accounts is growing at a 14% rate, it doubles every 5 years.


 Isn’t it time to switch to something easier? How about we from a what you know to a ‘what you have’ or ‘who you are’ system? The GSMA’s Mobile Connect provides such a capability. The beauty is that it leverages the most prevalent ID system in the world — with over 6 billion IDs worldwide and growing – it is the mobile phone number. This method authenticates users with ‘what you have’ – a mobile phone and number. Increasingly implementations also use bio-metrics to authenticate users via fingerprints or facial recognition which is based on ‘who you are’.

What’s the catch?

The catch is that the adaption rate of Mobile Connect has been slow. It is a classic chicken and egg problem.  First, Mobile Connect Authenticators must be made available in a seamless, easy to access manner to content providers. Second, the content providers must add Mobile Connect as an authentication service to their existing verification systems which in turn makes it available to their customers.  Finally, Mobile Connect needs to be available globally.

As of Feb 2017, mobile connect was available via 51 operators in SE Asia, LATAM and parts of Europe.  The non-participant mobile operators will cite the main impediment to their participation as: If I agree to support the Mobile Connect password system, how do I monetize it?  On the Content Provider side, not enough content providers are using Mobile Connect. They cite their main concern as:  Mobile Connect changes our login mechanisms and introduces additional steps of complexity. So, the industry is left with the question: How can we create a more frictionless experience for all parties?

Start by following the money

Content providers are monetizing services on mobile networks at an extraordinary pace.  To take one example, Facebook’s ARPU in the US now exceeds the ARPU of many traditional telcos in the developing world. It is growing amazingly fast even by Facebook’s high standard for growth speed.

This ARPU is driven from Facebook’s knowledge of their users and by making user experiences seamless. They are on the same quest — looking for ways to make their user experience more “frictionless.”  Facebook and other content and application providers are all incentivized to reduce the problems associated with the present “password regime”.  Rather than wait for a solution, they are taking the lead to address this challenge. For example, Facebook Connect, a single sign-on solution allows users to interact on other websites using their Facebook identity.

Wake up!

 Mobile operators could be a major player in leveraging such a solution to their economic and to their subscribers’ benefit.  They can help deliver a new customer experience by enabling a Digital Identity token system via GSMA’s Mobile Connect.  This new system – free of Post-it notes and scraps of paper – authenticates the user with identity tokens that are unique to each content provider and are given out to content providers without introducing new user interactions.  Content providers can then use these tokens to seamlessly authenticate the users or use them in combination with their existing login solutions to add additional layers of security.  Operators are in a unique strategic position —   to be the authoritative providers of these tokens – this is how they can add value to the OTT ecosystem.

The solution

Openwave Mobility has the expertise and secure technology to help you manage and monetize this new digital identity world. Our SmartIDM solution provides a new robust Authenticator for Mobile Connect that leverages the network identity of the subscriber. We create a digital identity token in real time making that available to content providers who use this to facilitate a seamless login and password experience.  We can also add subscriber attribute information which can be passed via the identity tokens.  This enables mobile operators to monetize their subscriber traffic through new use cases such as micro-transactions, video plan upsells and in the very near future IoT.

Time to replace the “old regime.”  SmartIDM delivers a new Digital Identity experience. Request a demo today to see how you could secure new revenue streams.