These days, it seems a new record-breaking credential leak surfaces almost every month.
This June, cybersecurity researchers have discovered 30 separate datasets containing over 16 billion login credentials from platforms such as Google, Meta, Apple, Telegram, GitHub, and even some government services. A Usain Bolt of leaks, right?!
Is the data verified? Not completely.
Some experts claim that the dataset is alarmingly fresh, well-structured, and weaponizable, while some caution that it may just contain data recycled from other data breaches from over the years.
One thing’s for sure: the common denominator is the password, making passwordless non-negotiable. However, before we delve into some options, let’s examine the data leak in detail.
The Scope of the Breach: Why It Matters
The record-breaking database of 16 billion exposed credentials is spread across 30 different databases, some of which contain over 3.5 billion entries.
It’s important to note that this isn’t a single company’s security failure. If anything, it’s a failure of the authentication method we’ve been using for so long, in its original form.
But more than anything, it’s a massive, curated archive of stolen login data.
Based on the information published by The Guardian, around 85% of the credentials come from infostealer malware while 15% were compiled from previous data breaches. This is why many outlets, including Cybernews, refer to the dataset as “well-structured and weaponizable”.
Because these credentials hold the key to platforms such as email providers, cloud services, financial apps, and social media, even a minor portion of the data would be enough to launch large-scale credential stuffing or even phishing campaigns.
I’ll say that this breach is a reminder of how fragile our current identity systems really are. Lately, it seems it’s not a matter of if your credentials are exposed, but when.
Can SMS OTPs as two-factor authentication help?
Passwords and OTPs: A Sinking Ship
Yes! It’s definitely better than only having your accounts protected by passwords, but it’s far from the level of security that we need today.
SMS OTPs come with a slew of vulnerabilities: they can be intercepted due to an in-built flaw, they’re vulnerable to phishing and SIM swapping attacks, and they slow down the user experience.
Since the inception of SMS, this technology has relied on the SS7 protocol which is susceptible to interception and rerouting. I’m sure we’d all agree that this is far from ideal for a tool used to deliver one-time passwords, and it’s why the National Institute of Standards and Technology of the US Department of Commerce said SMS for 2FA was a deprecated solution back in 2017.
Moreover, SMS OTPs are highly vulnerable to phishing and SIM swapping attacks, the former of which has surged by an astonishing 4,151% since the introduction of Chat GPT, and the latter of which has an 80% success rate.
And last but not least, this authentication method also leaves businesses exposed to customer frustration and user drop-offs. Today’s customers expect a frictionless user experience, so much so that 70% of users say they prefer an authentication method simply because it’s easier to use, and 95% of multi-factor authentication users prefer mobile apps for their convenience.
The great news? Passwordless, bank-grade secure AND frictionless authentication solutions that cater to customer expectations exist today.
Passwordless Done Right: SIM‑Based Mobile ID
We’ve designed IPification to uphold the values customers expect in 2025: security and a frictionless user experience, no compromises.
To authenticate users, IPification relies on the powerful mobile network operator tech infrastructure. It generates a unique mobile ID key for each user, based on their device, SIM card, and network data, and verifies them in milliseconds after only one tap.
It’s passwordless, so phishing is no concern — and it comes with a SIM Swap Detection solution. As soon as a new SIM card is detected, IPification lets mobile app developers stop any further authorization requests until the user confirms they’re indeed using a new SIM card, thereby preventing any damage from being done.
Best of all: it’s loved by mobile network operators, app developers, and users alike.
As of today, IPification has a global subscriber coverage of 3.3 billion with its solutions available in 22 markets and currently deploying in another 17.
On the other hand, the Singaporean Tiger Brokers app has seen a 58% improvement in conversion rates for mobile registrations, with over 17,000 users adopting the one-click login feature. Great user engagement and satisfaction!
And that’s another thing: besides helping keep your business secure, implementing solutions such as IPification help your bottom line.
Business Impact: Better Security, Better UX
More than just a cybersecurity tool, mobile authentication is one of the best ways to drive growth: from user acquisition and engagement, to retention and user loyalty.
Your onboarding is one of the most important aspects for user acquisition. In fact, only 14% of users return to an app after the first 24 hours and 60% won’t use it at all if they don’t engage within that first week.
With a frictionless onboarding experience, however, you can ensure more users try the app out right after they download it. You don’t want to lose them before they even see your product!
And then there’s opportunity! Did you know that 87% of users feel either neutral or dissatisfied with how their digital identity is managed? A great mobile ID management system would give you a great competitive edge over competitors and build user trust.
Driving growth doesn’t stop at onboarding: a good user retention engine is a must, and friction costs conversions. So much so that a 1-second delay in load time can cut conversions by 7% while 60% of users say they often feel slowed down or blocked from accessing online services. The smoother your login process, the higher your retention rates.
Finally, all of this ties into user trust and loyalty.
In today’s digital economy, trust is currency. 93% of US business leaders say trust directly impacts the bottom line. Consumers are paying attention too: 79% say data protection is a top priority, and 73% want a reliable, consistent experience.
But where things get interesting is there’s a major trust gap, and that can negatively affect the prioritization in companies. While 90% of business executives believe customers trust their companies, only 30% of consumers actually agree. That’s a massive disconnect that your business should take advantage of to improve your bottom line.
And passwordless authentication such as IPification? It has an answer for each of these questions: keeping your business secure, user experience frictionless, and users satisfied.
That being said, authentication is rarely a one-size fits all solution. But we’d love to help you figure out the best path for your app. Contact us today and schedule a free consultation!
