While Apple foresees consumers soon charging their groceries with the tap of an iPhone, Verizon is banking on federal agency employees soon being able to sign confidential contracts with the tap of any smartphone.
The telecommunications giant – the first firm certified to offer high-level online identity protection for federal personnel – is now working with agency customers to replace passwords with smartphone QR code -- short for quick response -- scanners.
"The website comes up. I point my phone at it. I’m in," Peter Graham, senior identity strategist for Verizon Enterprise Solutions, told Nextgov.
Here's how it works: An employee pulls up a website and directs his or her phone to a QR code on the login page. Then, an app on the phone pings Verizon's ID database for verification, and, voila, the document is "signed."
The "universal ID service" works across department systems, so an employee could potentially use the same move to open a terrorist watch list or criminal records database.
Agencies can layer on additional security by requiring users to enter a one-time PIN sent to the smartphone after the user scans the QR code. Or "we can do a geolocation check to see that the phone is actually in an area that makes sense -- that the phone isn’t in the Ukraine," for example, Graham said.
He expects agencies to be checking IDs with QR codes within the next six to nine months.
Beyond convenience, the gambit offers a way to banish passwords at a time when even Apple devices, known for their relative impenetrability, have come under scrutiny for alleged vulnerabilities that led to the leaking of celebrity nude selfies.
"Every single day almost, you can just grab a newspaper and you have a really good shot at seeing some kind of data breach," Graham said. "We’re getting lots of interest, and we feel like it’s going to be received rather well."
Verizon declined to disclose prospective federal customers.