Today marks World Password Day, a day highlighting the importance of secure passwords. 

Doug Kersten, CISO of Appfire, states, “World Password Day reminds us that passwords are still one of the most common ways attackers gain access to systems, and the most common ways to protect information. Password risk doesn’t usually come from a single weak password; it comes from how those credentials are used across an organization. Employees reuse the same passwords across systems, share access to move work forward, or connect them to new tools that aren’t centrally tracked. Over time, no one has a complete view of where access exists or who owns it.”

Poor password visibility, Kersten asserts, is exactly what malicious actors exploit. 

“AI is making phishing emails, messages, and even voice calls more convincing, which increases the chances that someone could unknowingly give up a password that can be used across multiple systems,” he explains. “Password risk lies within everything that password connects to.” 

Passwords have long been an integral part of online security. But this year, some cybersecurity experts are pushing for this to change. 

“Passwords used to be the backbone of security, but they are starting to show their age,” says Tim Chase, Field CISO & Principal Technical Evangelist at Orca Security. “They were not built for a world where identities include not just people, but also apps, services, and now AI agents acting on their own. That shift makes identity the real control point. It is no longer enough to protect a login. You need to know who or what is accessing your environment, what they are allowed to do, and whether that behavior actually makes sense. Passwords can still play a role, but only as part of a bigger picture. Strong authentication, least privilege access, and continuous monitoring are what actually keep things in check. As AI becomes more embedded in day-to-day operations, the focus has to move from just securing credentials to managing and understanding every identity in the system.”

Steve Shoaff, SVP of Transformation at Imprivata, considers World Password Day to be “a reminder of one of the most outdated and frustrating conventions still embedded in modern technology.” 

“Passwords have long been a necessary part of digital security, while at the same time being one of its biggest liabilities,” he asserts. “Bad password habits have been around for so long that continuing to blame users just isn’t productive. The real problem is that the model itself is broken and increasingly unnecessary for the majority of our logins.” 

For this reason, Shoaff hopes that today may be one of the last — if not the very last — World Password Days. 

“The industry is moving toward a future where passwords fade into the background — or disappear entirely — replaced by stronger, smarter authentication methods built on cryptography, trusted devices, and identity-bound access,” he says. “When security depends on people remembering complex secrets, failure is almost guaranteed. When security is designed to happen behind the scenes, organizations can reduce phishing and credential theft, eliminate password reuse, and strengthen protection without adding friction. The goal shouldn’t be better passwords or password managers. It should be a world that no longer asks people to manage passwords at all.”

John Cannava, CIO at Ping Identity, asserts that authentication solutions must keep pace with accelerating cyber threats, stating, “Passwordless solutions are rapidly replacing traditional passwords with stronger, more user-centric methods like biometrics, authenticator apps, and digital certificates. These approaches significantly reduce the risk of phishing and credential theft while improving the user experience.” 

In the past, World Password Day has served as a reminder to heed best practices for secure password creation and to update weak credentials. This year, however, security leaders are encouraging a new way of thinking about this day. 

“World Password Day shouldn’t just be about updating passwords. It should spark a broader shift," declares Cannava. “To stay ahead of modern threats, organizations and individuals need to move beyond passwords and adopt more resilient authentication strategies that put control back in the hands of users.”