Yesterday was World Password Day (1st May 2025). That one day was set aside by the tech community to emphasise the importance of password setting does not mean that businesses and individuals should take their eyes off the ongoing importance of security.
In terms of improving password management, Digital Journal has heard from three experts in the field. They look at the everyday issue of passwords from three different perspectives: the interaction between people and technology; the technical process of setting passwords; and the misuse of IT security.
Prashant Kumar, Senior Researcher for Forcepoint’s X-Labs Research Team
Kumar places an emphasis upon people and their unpredictability. He thinks that businesses need to give greater consideration to how people can undermine what seems to be a solid system.
According to Kumar: “In light of World Password Day, organisations must remember that one of the most important parts of its defence is its people. Employees must be aware of their role in organisational security. This includes the basics such as maintaining strong passwords and leveraging technologies like MFA, but should also include their ability to be constantly cyberaware.”
Consequently, Kumar finds: “This means organisations have a role to play in ensuring employees know how to identify and act when faced with an attack. Human error can be the weakest link in the security chain, so it is important that staff are educated.”
Brian Pontarelli, CEO of FusionAuth
Pontarelli considers the technical side of things, looking at how passwords are generated and pieced together.
Pontarelli thinks: “The teams building the future of passwords are the teams that are building and managing the login pages of their apps. Some of them are getting rid of passwords entirely, others are not familiar enough with the alternatives to make the move; a recent survey of teams building auth on their own showed that passkeys (a replacement for passwords) were the feature that teams were both most familiar with AND least familiar. In short, passkeys are the most polarizing feature for the teams building the future of login…so the future of passwords is certainly not certain.”
Ashley Rose, CEO of Living Security
Rose considers poor practices resulting in the overall misuse of passwords and lax security.
Here, Rose observes: “Password misuse is a business/security alignment issue. We need to understand the business friction (visibility) around authentication and think with a secure by design mindset, implementing SSO/passwordless logins, allowing for use of password managers at work and at home etc. Where Human Risk Management (HRM) comes in is visibility and prioritization of efforts. For instance, if you see a segment of higher risk users with a lot of access, we will want to start here to develop a policy around passwords (i.e. implement password manager or reset policies), or train, or change authentication processes…versus trying to boil the ocean.”
