Move over passwords -- every verification method has its day


The first day of May has numerous competitors for its patronage. It's May Day, of course, and it's International Labor Day, and apparently it's Global Love Day. Since 2013 it's also been World Password Day -- created by Intel to highlight concerns around digital security.
As of last year, though, there's been further competition from the upstart World Passkey Day. So are we finally seeing a serious challenge to the dominance of passwords as an authentication method?
Anthony Cusimano, solutions director at immutable data backup company Object First, says:
I believe the death of the password is just around the corner. Passwords are no longer a secure method of authentication and should not be treated as secure. So, I’ll share the advice I have taken up in the last year: use a password manager, app-based or browser-based (either works!).
Password managers securely store your passwords in a locked vault and come with convenient browser extensions that autofill logins. They can also generate unique, complex passwords for every account. Many of these tools allow you to customize password requirements according to your preferences, including specifying length and incorporating symbols, numbers, and mixed case. Additionally, password managers can alert you to duplicate or weak passwords and often suggest optimal times for changes.
Google is sending emails actively encouraging people to make the switch to passkeys as well as the use of Sign in With Google and the setting of recovery factors.
Ashish Jain, CTO at OneSpan, says, "World Passkey Day is a reminder that the future of authentication is here -- and it's passwordless. Passwords have long been a point of vulnerability, often leading to breaches and user frustration. Passkeys represent a meaningful step toward improving both security and usability, moving us closer to a more resilient digital infrastructure. They're especially valuable in securing high-risk interactions like financial transactions, where strong, phishing-resistant authentication is critical. FIDO passkeys take traditional authentication a step further by using cryptographic credentials stored on a user’s device, ensuring both identity verification and security. This method strengthens authentication across desktops and mobile devices, creating a more secure digital environment. As the adoption of passkeys grows, I'm confident they will be key to transforming how we protect our most sensitive online interactions."
Passwords will be around for a while yet, though. Acronis CISO Gerald Beuchelt says, "While the shift toward Passkeys and password-less authentication is gaining momentum, passwords remain a critical part of our digital security. To reduce the risk of compromise, use long, complex passwords -- think at least 16 characters or a short sentence without spaces. Avoid common or predictable choices like '1234567890' or 'qwertyuiop,' and never reuse passwords across sites. Enabling multi-factor authentication is one of the most effective defenses available, and a trusted password manager can simplify it all while keeping you protected."
If you still need passwords, Damon McDougald, global cyber protection lead at Accenture, echoes the need to use them sensibly: "Using the same password across multiple accounts is like leaving your front door wide open for cybercriminals, giving them easy access to all your personal information. While password managers offer some convenience, they come with security risks. Passkeys and biometric authentication offer more secure and user-friendly alternatives, eliminating the need to manage and remember passwords."
Kevin Curran, Institute of Electrical and Electronics Engineers (IEEE) senior member and professor of cybersecurity at Ulster University, is in favor of moving to innovative authentication methods:
Weak passwords, reused logins and phishing scams dominate headlines -- but simply pointing out the problem won’t move us forward. What matters is what we do next.
Stronger, more convenient alternatives are already here. Biometrics -- like fingerprint, facial and iris recognition -- tie authentication to physical traits, making them much harder to steal or replicate. Multi-factor authentication (MFA) further reduces risk, even when passwords are compromised. As adoption across the tech industry grows, we can now see a future where no one needs to type 'P@ssword123!' ever again.
But the real challenge isn't just technical -- it's cultural. Habits built over decades are hard to break. As the digital world evolves, so must our approach to authentication. The password isn't dead yet, but its end is firmly in sight.
Niall McConachie, regional director (UK and Ireland) at Yubico, says, "Using passkeys ensures that individuals' accounts cannot be compromised, even in the event of a phishing attack. Passkey options like physical security keys are the most secure option for protecting employee accounts since they can't be shared, intercepted or stolen by remote attackers -- meaning only the key holder can gain access to their accounts."