The fading era of the “Old Password” – embracing a safer digital future
by Nicholas Rossman, Mobile Ecosystem Forum
A major data leak, in June 2025, exposed 16 billion login credentials linked to platforms such as Apple, Facebook, and Google – underscoring the growing inadequacy of the old password-based security. This colossal leak, compiled from various infostealer attacks over time, highlights a persistent vulnerability that cybercriminals are eager to exploit.
Beyond this recent incident, the past few years have seen a relentless wave of data breaches. In early 2024, the “Mother of All Breaches” (MOAB) exposed a mind-boggling 26 billion records. Preceding that, significant compilations like “RockYou2024” and a similar leak in 2021 exposed billions of unique passwords. These figures underscore a critical truth: relying solely on traditional passwords, especially reused or weak ones, puts our digital lives at immense risk.
Beyond the password: A glimpse at the future of authentication
The mobile industry recognizes the limitations of traditional passwords and is rapidly moving towards more secure and seamless authentication methods, actively developing and deploying cutting-edge alternatives.
One key area is Biometric Authentication, which leverages unique biological traits like fingerprints, facial recognition, iris scans, and even behavioral biometrics such as analyzing keystroke dynamics or mouse movements. This provides a highly secure and convenient way to verify identity.
Another crucial development is Multi-Factor Authentication (MFA). This method adds layers of security by requiring two or more verification factors. These factors typically include something a user knows (like a password or PIN), something they have (such as a smartphone or a security token), and/or something they are (using biometrics).
Passwordless Authentication aims to eliminate passwords entirely. This approach utilizes methods like cryptographic keys, smart cards, “magic links” sent to trusted devices, and one-time passcodes (OTPs) generated by apps or sent via SMS. Hardware security keys, such as YubiKeys, offer a
particularly robust passwordless solution.
Finally, Single Sign-On (SSO), while not completely password-free, significantly reduces the burden on users. It allows access to multiple applications with a single set of credentials, which in turn minimizes the risk associated with password reuse across different services.
Industry collaboration for a safer tomorrow
Alongside these improvements in authentication, the telecommunications and tech industries are actively implementing broader strategies to enhance both password safety and the overall user experience. While some solutions deployed have unfortunately already become targets for fraudsters, security in authentication remains a continuous effort.
For example, seamless connectivity initiatives like WBA Open Roaming now allow users to access secure Wi-Fi without manually entering passwords, significantly improving both ease of use and security for connectivity.
Some telcos are also using new tools to provide a safety net.
Artificial Intelligence and machine learning are starting to play a crucial role in real-time threat detection, identifying suspicious behaviour, and auditing networks for vulnerabilities. At the same time, robust encryption is being implemented for texts, calls, and cellular data to ensure sensitive information remains private.
Infrastructure upgrades, like the rollout of 5G networks, are enabling stronger user authentication measures and supporting advanced security software.
The adoption of Zero Trust models means that every user and device is continuously verified before accessing resources, regardless of their location.
While some commentators dislike the emphasis on user education in digital security, many believe it’s crucial. This perspective doesn’t aim to divert accountability from telcos and digital actors, instead, it recognizes the vital role users play in adopting secure practices, as well as their right to be informed and discerning about the digital security options available to them.
Efforts to promote cybersecurity best practices, encourage the use of unique and strong passwords, and advocate for multi-factor authentication to empower users to protect themselves. As the era of the “old password” fades, these innovative authentication services, biometrics, and the collaborative efforts of the telco and tech industries are collectively building a more secure and seamless digital future for everyone.
Many companies are already developing advanced solutions and leveraging artificial intelligence and machine learning to provide comprehensive voice and SMS fraud protection, while proactively detecting and blocking malicious activities.
It is clear the future will be passwordless, and this will mean our data is safer, however constant innovation will be required to keep ahead of the fraudsters to ensure the next level of authentication doesn’t become as ‘leaky’ as the old passwords.
ABOUT THE AUTHOR
Nicholas Rossman is a Programme Director at The Mobile Ecosystem Forum (MEF), a global trade body established in 2000 and headquartered in the UK with members across the world. As the voice of the mobile ecosystem, it focuses on cross-industry best practices, anti-fraud and monetisation. The Forum, which celebrates its 25th anniversary in 2025, provides its members with global and cross-sector platforms for networking, collaboration and advancing industry solutions.
Web: https://mobileecosystemforum.com/
Twitter: https://x.com/mef
LinkedIn: https://www.linkedin.com/company/mobile-ecosystem-forum