IT Brief Australia - Technology news for CIOs & IT decision-makers
Weak passwords expose gaps in digital security, experts warn

The ongoing challenges posed by passwords in securing digital identities have come into sharper focus ahead of World Password Day, with industry experts warning that legacy approaches may be failing both businesses and individuals alike. Two prominent voices from the cybersecurity sector, Ross Baker of Tenable and Niresh Swamy of ManageEngine, have highlighted how a combination of human nature and outdated system design lies at the heart of modern password woes.

Baker, Senior Sales Director for UKIZA at Tenable, understands from personal experience the generational differences in technological literacy. "As the son of a 'boomer' whose IT skills are, politely, basic and the parent of teenagers who have multiple apps open at all times… I'm nervous. If passwords are the difference between security and, well, insecurity, then we're doomed, surely?"

Drawing on recent breaches, Baker cited the infamous LinkedIn data leak in which weak and repetitive passwords such as "123456", "linkedin" and "pa55word" were found to be widespread. "It wasn't that long ago that there was a massive breach… It just shows that the typical user creates a basic password so they can remember it." Baker hopes that initiatives such as World Password Day might provoke individuals to reconsider the strength of their passwords, but he notes that the dilemma persists. "Security falls a close second to accessibility to the average person. Ultimately we're trying to stop hackers, not invite them for ice-cream."

Niresh Swamy, Enterprise Evangelist at ManageEngine, takes a broader view, suggesting that persistent poor password practices should not be dismissed as user negligence. "We often treat poor password habits as negligence, but really, they're rational responses to mental fatigue and flawed design," he commented. Swamy observes that people reuse passwords not due to ignorance, but as a practical adaptation to the complexity and volume of modern digital requirements. Current IT systems, he says, routinely neglect human psychology in their architecture.

"It's time to move past cybersecurity hygiene and reframe identity security as a behavioural design challenge, not just a technical one," Swamy urged. By minimising friction—through technologies such as single sign-on (SSO), passkeys, and privileged access management (PAM)—and by shaping policies that reflect how people actually think and act, Swamy believes organisations can make secure choices the norm rather than the exception.

Security experts broadly agree that passwords remain an Achilles' heel in enterprise defence, with ongoing incidents of credential leaks and breaches serving as reminders of the limitations of traditional approaches. While multi-factor authentication, password managers, and biometric authentication have made significant inroads, industry surveys continue to reveal high rates of password reuse and predictable patterns among users, undermining these technologies' effectiveness.

The convergence of human behavioural science and cybersecurity is increasingly seen as a frontier for meaningful progress. Both Baker and Swamy highlight the need for the industry to acknowledge the cognitive realities faced by users. In recognising that security cannot rely on "hoping people will suddenly remember dozens of complex passwords," experts suggest that future advances will depend on seamless user experience, policy realignment, and continued investment in next-generation authentication methods.

As World Password Day prompts reflection, the call from cybersecurity leaders is clear: strengthening digital security will require more than reminders and technical controls. It will necessitate systems that make secure habits instinctive and straightforward for everyone, regardless of age or technical ability.
