SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers

Experts call for end to password reliance on World Password Day

Today

Industry experts have weighed in on the state of password security and authentication practices on World Password Day, highlighting the ongoing challenges and potential future of access management.

Bob Wambach, Vice President, Portfolio and Strategy at Dynatrace, addressed the changing effectiveness of passwords within modern digital security.

"Passwords were once the cornerstone of digital security. But today they have become a growing risk, often exploited by sophisticated attackers. Static credentials alone can no longer defend the complexity of modern digital ecosystems."

Wambach argued for more integrated forms of security. "Strengthening security today means thinking differently. Organisations need the ability to see risks in real time, understand vulnerabilities across their environments, and respond before attackers can exploit them."

"AI-powered observability and automated insights are helping businesses move from reactive defence to proactive resilience, embedding protection into every user experience, application and infrastructure," he added.

"On this World Password Day, the focus must shift from relying on passwords alone to building integrated, intelligent security. Digital trust depends on seeing more, understanding faster and acting earlier, at the speed of modern threats."

Morey Haber, Chief Security Advisor at BeyondTrust, critiqued the concept of a day set aside to celebrate passwords, describing it as "cybersecurity's most ironically misguided celebration." He stated: "As a yearly event, it is a reminder of our collective failure to promote good password hygiene and highlight bad habits and silly mistakes."

"Despite endless warnings and breaches demonstrating password fragility, we have decided to dedicate a day to celebrate the weakest link in cyber defence; us – human beings. So, on May 2nd, we will recognise that as humans, we are fundamentally inept at password management and reuse secrets, refuse complexity, forget, and share passwords creating a lucrative opportunity for threat actors to capitalise on our flaws."

Haber advocated for a shift away from password reliance: "Therefore, for future celebrations, I would like to propose that World Password Day focus on marking a proactive pivot toward biometrics and passwordless authentication options, so we can ultimately change the narrative of identity attack vectors."

"Instead of promoting stronger passwords and a day when everyone should rotate their passwords, perhaps we should promote a technological revolution and replace passwords with modern solutions that can minimise our own human weaknesses: biometrics, MFA, and passkeys for everyone."

Patrick Harding, Chief Product Architect at Ping Identity, also questioned the ongoing use of passwords.

"Passwords have long been a security crutch – and in today's digital landscape, they're quickly becoming a liability. Users continue to rely on weak, repurposed credentials, making them easy targets for sophisticated cyberattacks fuelled by AI."

Harding cited consumer and IT leader concerns. "Recent data shows that 87% of consumers are concerned about identity fraud, yet many still depend on outdated methods to secure their most sensitive data. Even worse, 48% of IT leaders admit they're not confident their current defences can withstand AI-driven attacks. That should be a wake-up call."

"With the rise in phishing, credential stuffing, and deepfake scams, it's time for organisations to retire traditional passwords altogether."

He called for organisations to adopt passwordless solutions: "In the spirit of World Password Day, we must double down on access solutions that eliminate the guesswork and the risk. Passwordless authentication, like biometrically protected passkeys and secure device-based login, not only strengthens security but also improves the user experience."

"Organisations must embrace a future where identity is both frictionless and fundamentally more secure."

Rafa López, Evangelist & Solutions Engineer at Check Point Software Technologies, described persistent user reliance on passwords due to their familiarity, despite known risks. "Despite security advances, people still trust what they know — and passwords feel familiar. But that familiarity comes at a price. Passwords are easily guessed, forgotten, shared, or stolen. Check Point notes that poor password hygiene — such as reusing passwords, writing them down, or using personal data — continues to be a major weak link in corporate and personal security. Even worse, phishing attacks — many AI-generated — continue to steal login credentials at scale, despite the presence of two-factor authentication (2FA). The rise in AI-powered phishing and deepfake attacks only makes password-based systems more vulnerable."

López suggested several organisational actions. "Organisations should: Pilot passwordless systems using biometrics, tokens, or Passkeys. Use tools like Check Point Harmony to prevent password reuse and phishing. Enforce Privileged Access Management (PAM) solutions and Zero Trust architectures. Educate teams not just on stronger passwords — but on phasing them out altogether."

He added: "Check Point emphasises password length, diversity, and uniqueness but is also aligned with the need to explore post-password approaches. World Password Day shouldn't just be about creating stronger passwords. It should be a prompt to imagine a future without them. The tools exist. The threats demand it. The only thing missing is our willingness to let go."

Ezzeldin Hussein, Senior Director, Solutions Engineering at SentinelOne, reflected on World Password Day as a moment to consider shared responsibilities in password security.

"World Password Day is a reminder that password security is a shared responsibility. Organisations and individuals must adopt best practices such as using complex, unique passwords, enabling multi-factor authentication (MFA), and leveraging password managers to enhance security. Cyber hygiene starts with small habits—changing default passwords, avoiding reuse, and staying vigilant against phishing attacks."

He continued, "Let's take this day to educate, implement stronger security measures, and advocate for passwordless authentication methods like biometrics and passkeys. A secure password is the first step toward a more resilient digital future."

David Nuti, Head of Security Strategy at Extreme Networks, discussed the broader context of identity-based security frameworks.

"For over a decade, IT departments have faced the challenge of managing diverse endpoints - both hybrid workers and IoT - and managing access to equally diverse data and application endpoints. Unfortunately, as complexities have continued to increase, the industry hasn't yet delivered a solution to closing the talent and resource gaps of budget conscious IT teams. Opportunities in agentic AI are about to flip that script entirely."

Nuti pointed to identity and Zero Trust as central to future security. "The pathway for this revolution is centered on committing to an identity-based policy based on a Zero Trust framework."

"Identity micro-segmentation is the rocket fuel to power the next generation of AI-powered tools for planning, maintaining, and enhancing network performance, reliability, and security. The logistics and end-user behavioural data are precisely what AI agents will require in order to deliver interactive, and ultimately agentic, analysis and outcomes that become the force multiplier that IT teams need to perform beyond their current capacities."

He elaborated: "Zero Trust has long been recognized for strengthening cloud security by eliminating implicit trust within a network. Instead of granting broad access, it mandates continuous verification and authorization for every request. What empowers those observed decisions is the fine point data provided by identity-based policies."

"Zero Trust can be both proactive—preventing attacks by verifying every request—and reactive—limiting attackers' lateral movement with network segmentation and identity micro-segmentation. Combined with other solutions like network fabric, Zero Trust can help minimize the blast radius impact of breaches in cloud environments," Nuti said.

Nuti concluded, "As cyber threats evolve, organisations must remain vigilant. By adopting Zero Trust and fostering a strong security culture, enterprises can significantly strengthen their overall security posture while simultaneously laying the data foundation for agentic AI and automating many of today's time-consuming IT workloads."
