OTPless – Authenticating Digital Users

published By Abishek Chopra , Aviral Bhatnagar , March 4, 2024

We invested in OTPless almost a year ago, backing their vision to enable the authentication of digital users. Fast forward 1 year, they have built a full stack authentication platform enabling businesses to seamlessly incorporate multiple authentication workflows in their existing mobile/web applications to authenticate their user’s digital identity (mobile or email). They have expanded beyond India to multiple countries. 

Let’s deep dive to understand the problem statement, solution, and the journey ahead.

Problem Statement

Imagine you’re a B2C gaming platform. You have a new user on your platform trying to sign up. While signing up, the new user faces an OTP challenge (say OTP does not arrive), the user will drop off due to a bad user experience, and you lose the opportunity to convert the lead to a customer. Imagine this happening to 20% of your users landing on your page. Now, that’s a lot!

And this is not limited to just gaming, every company offering Signup/Signin functionality needs to verify a user’s identity every time they log into their app or website. 

A user’s mobile number has become his / her digital identity on the internet in today’s world. Similar to how a person needs a passport (Physical identity) to travel to multiple countries, users need a digital identity (mobile number) to use specific mobile/web applications in the digital world. Also, similar to how immigration is the authentication layer for physical identity, OTP-based verification is the authentication layer for mobile number verification (digital identity)

Authentication of users is a “Must-have” step that companies cannot do away with. However, any friction at this point can lead to losing a lead who has landed on the site or downloaded the app and is present on the home screen. Hence the right balance of authentication and user experience needs to be ensured.

OTPs come with various challenges for businesses & users. These include:

  • Challenges for Business:
    • Broken Outbound SMS – The current SMS infrastructure cannot support rising SMS traffic. On an average, 40% of SMS fail. During peak hours, the success rates are even worse. OTPs are time sensitive and has to reliable.
    • Significant Development Efforts – Need a team to build and monitor consistently given the fast-paced developments in technology.
    • Less Secure – SMS OTPs are relatively easy to hack. Rs. 1,500 Cr lost in 2021 due to OTP Phishing frauds in India alone.
    • High cost of SMS – SMS cost of $120k vs. WhatsApp cost of $40k for 10M authentications.
    • Lower conversion – High friction on Login/Sign-up leads to users dropping off
  • Challenges for users:
    • Remembering multiple passwords: Multiple B2C applications have their unique password requirements.
    • Cumbersome password reset – Many steps in the reset process increases friction.
    • Time-bound sessions – Limited time to enter OTP and delayed receipt of OTPs by users.
    • Additional friction with 2FA – Almost all large platforms & banks require their users to validate their mobile number as an additional factor of authentication, adding an additional step in their onboarding or transaction journey.

While there are many companies like Google, Meta, Twitter, Okta that provide a suite of tools to enable businesses to authenticate their users, they are limited to email-based authorization. 

SMS-based OTPs were first used to authenticate mobile numbers in the 1980s, and since then, no significant shift has been made in this workflow. While efforts have been made to make the flow of OTPs smoother, no new alternative for authenticating mobile numbers has been developed.

OTPless is looking to disrupt this and reimagine the authentication of Mobile Numbers.

Solution & Value Proposition

OTPless started by building a simple ‘WhatsApp Sign-in API’, which could be integrated into a business’s mobile/web app flow as an alternative authentication modality to enable authentication of mobile numbers. It was an authentication protocol to authenticate a user using WhatsApp. 

Factoring in feedback from various customers & users, they have now expanded to become a full-stack identity and access management suite for businesses to provide multiple authentication methods to their end users like Sign in with Google, Facebook, Twitter, Slack, Github, Line, Viber etc. Moreover, the platform offers much-needed functionalities like user management and session management.

The platform is fully customizable, highly scalable and caters to businesses of all sizes, whether they have 10k monthly authentications or 10M. OTPless can be integrated in minutes with your Shopify store, WordPress Site, Android or iOS App. The SDKs/APIs are available for all platforms.

Merchant Onboarding Journey

User Sign-up / Login Flow on OTPless powered Application:

‘Login via WhatsApp’ ensures a seamless experience for end users through:

  • Smooth Sign-up / Login – Two-tap login for users via WhatsApp
  • Removes Re-Authentication – Once a user logs on to any OTPless-powered application once, for any future sign-up / login, the user shall be automatically authenticated without the need to go through the same steps unless the user changes the device.
  • Improved Security – End-to-end encryption of WhatsApp improves security.

OTPless has received a High Degree of Customer Love from its merchants & their users:

  • Across our conversations with Merchants and their end users, the product has been loved, whether it’s their simple onboarding or frictionless experience for their end users.
  • For Users – The product delivers a strong value proposition in terms of high user satisfaction.
  • For Businesses – Ease of integration and exhaustive developer-friendly documentation make integrating OTPless a minute’s job, saving time, effort and cost in development.

Large Market Opportunity

  • Authentication is a large TAM globally – There are 60 bn first-time sign-ups on mobile apps annually across the globe. Repeated logins are 3 – 4X of this. Assuming a cost of $0.01 per authentication (across modalities & geographies), TAM for just Sign-up / Login is $2.4Bn
  • Adjacent use cases provide an opportunity to expand the TAM – Besides Login / Sign-up use cases, multiple use cases are present, which have the potential to add significantly to the TAM like Checkout, payments, workforce authentication, etc.

High Pedigree Founding Team

Bhavik Koladiya
Exp: Ex-BharatPe Founder (7 Years)
Tanmay Sagar
Exp: Ex-BharatPe founding team, IIT-Delhi (6 Years)
Satyam Nathani
Exp: Ex-BharatPe founding team, IIT-Delhi (6 Years)

Bhavik is a proven founder who has demonstrated his execution ability, having built BharatPe from ground 0 along with his other co-founders. At BharatPe, he scaled the company to a 550+ member team, indicating his ability to drive innovation and attract / retain high talent. He also brings an extensive network of founders / banks / investors / regulators that he built during BharatPe.

Tanmay & Satyam were part of the founding team at BharatPe, where they worked on multiple 0 – 1 initiatives. Tanmay handles all things business, and Satyam handles all things Tech at OTPless.

Traction & Journey Ahead

Within the first year of inception, OTPless has authenticated over 15mn+ users across 4,000+ websites and apps in 15+ countries. With the rapid adoption of this innovative authentication method, OTPless is poised to grow and capture a significant market share in the global authentication industry.

The next phase of growth rests upon 3 key pillars – (i) Expansion to Indian enterprise customers, (ii) expansion to adjacent use cases like payments, and checkouts, and (iii) international expansion – acquiring international customers. 

Share this post