World Password Day Needs to Change

May 2022 by Thomas (TJ) Jermoluk, CEO and Co-Founder of Beyond Identity

Thomas (TJ) Jermoluk, CEO and Co-Founder of Beyond Identity, comments:

“A day set aside to promote better password security practices is based on good intentions, but the reality is that there simply is no way to make passwords safe.

Instead of giving users an entirely false sense of security with advice about using longer and stronger passwords, or not re-using the same password, we need to think about how to eliminate them altogether.

Passwords are now the single largest attack vector, so the cycle of training and blaming users, when the system itself is fundamentally flawed, needs to change. And it’s not going to come anywhere close to fixing or improving the global security problem that we face when it comes to password security.

Technology exists today to relieve the world of the password burden. Compromised passwords are the source of over 89% of web application breaches, and all the spending in the world on security measures won’t matter if you’re using passwords, and the weak security they provide, in your authentication process. Realistically, if you are still using passwords, only your MFA (if you even have it set up) sits between you and the attacker. If that fails, which it often does, your entire network is compromised.

Pinning the responsibility for password security on the end user now just feels like victim blaming. Individual users and consumers shouldn’t have to deploy ‘security layers’ as the industry should be doing the legwork to improve security for them. World Password Day offers false hope and continues along the path that passwords are enough protection when they are not and never were. We need to stop kicking the problem down the road and take steps to move to a world in which passwords are consigned to the history books of cyber security.”



