In June 2025, a major data leak exposed 16 billion login credentials linked to platforms such as Apple, Facebook, and Google – underscoring the growing inadequacy of password-based security. As cyber threats escalate, the mobile ecosystem is accelerating efforts to adopt more secure, user-friendly authentication methods. MEF Director of Programmes, Nicholas Rossman explores current developments, industry responses and MEF’s role in building a safer digital future.
The digital landscape is constantly evolving, and with it, the threats to our online security. In June 2025 the public learned of a staggering leak of 16 billion login credentials impacting major platforms like Apple, Facebook, and Google, which serves as a stark reminder: the “old password” is no longer as safe as we once believed. This colossal leak, compiled from various infostealer attacks over time, highlights a persistent vulnerability that cybercriminals are eager to exploit.
Beyond this recent incident, the past few years have seen a relentless wave of data breaches. In early 2024, the “Mother of All Breaches” (MOAB) exposed a mind-boggling 26 billion records. Preceding that, significant compilations like “RockYou2024” and a similar leak in 2021 exposed billions of unique passwords. These figures underscore a critical truth: relying solely on traditional passwords, especially reused or weak ones, puts our digital lives at immense risk.
Beyond the Password: A Glimpse at the Future of Authentication
As the era of the “old password” fades, these innovative authentication services, biometrics, and the collaborative efforts of the telco and tech industries are collectively building a more secure and seamless digital future for everyone.”
The industry recognizes the limitations of traditional passwords and is rapidly moving towards more secure and seamless authentication methods. MEF members and the broader telco and tech industries are actively developing and deploying cutting-edge alternatives.
One key area is Biometric Authentication, which leverages unique biological traits like fingerprints, facial recognition, iris scans, and even behavioral biometrics such as analyzing keystroke dynamics or mouse movements. This provides a highly secure and convenient way to verify identity.
Another crucial development is Multi-Factor Authentication (MFA). This method adds layers of security by requiring two or more verification factors. These factors typically include something a user knows (like a password or PIN), something they have (such as a smartphone or a security token), and/or something they are (using biometrics).
Passwordless Authentication aims to eliminate passwords entirely. This approach utilizes methods like cryptographic keys, smart cards, “magic links” sent to trusted devices, and one-time passcodes (OTPs) generated by apps or sent via SMS. Hardware security keys, such as YubiKeys, offer a particularly robust passwordless solution.
Finally, Single Sign-On (SSO), while not completely password-free, significantly reduces the burden on users. It allows access to multiple applications with a single set of credentials, which in turn minimizes the risk associated with password reuse across different services.
Industry Collaboration for a Safer Tomorrow
The telecommunications and tech industries are actively implementing broader strategies to enhance both password safety and the overall user experience. While some solutions deployed have unfortunately already become targets for fraudsters, security in authentication remains a continuous effort.
The industry is notably moving away from traditional passwords. For example, seamless connectivity initiatives like WBA Open Roaming now allow users to access secure Wi-Fi without manually entering passwords, significantly improving both ease of use and security for connectivity.
Some telcos are also using new tools to provide a safety net.
Artificial Intelligence and machine learning are starting to play a crucial role in real-time threat detection, identifying suspicious behaviour, and auditing networks for vulnerabilities. At the same time, robust encryption is being implemented for texts, calls, and cellular data to ensure sensitive information remains private. Infrastructure upgrades, like the rollout of 5G networks, are enabling stronger user authentication measures and supporting advanced security software. The adoption of Zero Trust models means that every user and device is continuously verified before accessing resources, regardless of their location.
While some commentators dislike the emphasis on user education in digital security, MEF believes it’s crucial. This perspective doesn’t aim to divert accountability from telcos and digital actors. Instead, it recognizes the vital role users play in adopting secure practices, as well as their right to be informed and discerning about the digital security options available to them.
Efforts to promote cybersecurity best practices, encourage the use of unique and strong passwords, and advocate for multi-factor authentication to empower users to protect themselves. Simply put it should be an acceptance from users that leaving the trusted password model . As the era of the “old password” fades, these innovative authentication services, biometrics, and the collaborative efforts of the telco and tech industries are collectively building a more secure and seamless digital future for everyone.
The Mobile Ecosystem Forum: Leading the Charge Against Fraud
The Mobile Ecosystem Forum and its members are at the forefront of combating mobile fraud and strengthening digital security. Through its Anti-Fraud programmes and initiatives such and the “Business SMS Fraud Framework,” MEF fosters collaboration across the industry—bringing together regulators, operators, carriers, and brands to eliminate fraud and build trust in mobile communications.
MEF actively supports technologies such as Caller Line Identification (CLI) authentication and encourages agile responses to the ever-changing tactics of fraudsters. Our members are developing advanced solutions, leveraging artificial intelligence and machine learning to provide comprehensive voice and SMS fraud protection, proactively detecting and blocking malicious activities.
Join Our Insight Groups
If you’re a MEF member, join our ID & Data and Antifraud insight groups. These groups offer a platform for discussions, initiatives, and continuous updates on these crucial topics.
