Nan Hao Maguire, Field CTO of APJC, Cloudflare
“World Password Day often serves as a timely reminder for organisations to rethink how they secure access and what a critical role passwords still play in our daily lives. Despite rising awareness that stolen passwords fuel cyberattacks, password reuse remains a serious vulnerability. Alarmingly, 41% of successful logins on Cloudflare-protected sites involve compromised credentials — clear evidence that the message isn’t landing due to various reasons such as natural human tendency towards weak passwords, phishing and scamming, user fatigue leading to vulnerable password practice and many more. Weak passwords are still leaving the doors wide open for attackers.
This issue is especially pressing in Australia. In just the first three months of this year, Cloudflare blocked an average of 1.2 billion cyber threats daily — a 23% increase from the previous quarter. Attackers are scaling phishing and credential-stuffing attacks, exploiting weak or reused passwords as an easy and effective way in. Traditional authentication methods simply no longer suffice. It’s not a matter of if you’ll be targeted, but when.
Strengthening authentication is critical. Multi-factor authentication, passkeys, and passwordless logins including biometrics and hardware keys are essential tools to safeguard data, reduce risk, and maintain trust. A more dynamic approach towards passwords utilising AI for login behavioural analysis is trending faster than ever. When paired with a Zero Trust approach — where every request is verified — these strategies can help close critical gaps in defence.”
Erich Kron, Security Awareness Advocate, KnowBe4
“World Password Day is no longer just a reminder to update login credentials. It is a call to modernise how we think about authentication. Changing a weak password offers little protection against sophisticated cyber threats. With phishing attacks, credential stuffing, and the sale of stolen credentials on the dark web becoming increasingly common, organisations must move beyond traditional password practices.
Real risk reduction starts with better habits. This includes encouraging the use of longer, more secure passphrases, requiring password managers to avoid reuse, and implementing multi-factor authentication wherever possible. These steps provide an added layer of defence, but they are not enough on their own.
Technology cannot account for every scenario. That is why building a strong security culture is essential. By providing ongoing security awareness training and practical tools, organisations can help employees recognise and respond to threats before they escalate.
The most effective defence is not a single product or policy. It is a workforce that understands its role in protecting the organisation.”
Norbert Kiss, Senior Vice President – APAC, Delinea
“Passwords still are the gatekeepers of our digital identities but relying on traditional passwords is simply not enough. Cybercriminals are getting smarter when attacking passwords – especially those tied to privileged accounts – to breach networks and access sensitive data. With 80% of security breaches involving misuse of privileged credentials, it’s clear that organisations must adopt a Privileged Access Management (PAM) approach, combined with Zero Trust principles for data protection.
It’s essential to use World Password Day as a reminder that password security alone isn’t enough. We must never assume trust – especially privileged accounts – and always verify every access request.
By taking control of who has access to what, when and how, organisations can significantly reduce the risk of breaches. Smart identity security starts with Zero Trust and PAM – because data safety begins with stronger, verified access.”
Tyler Moffitt, Senior Security Analyst, OpenText
“World Password Day highlights a critical truth: while traditional passwords are fading, securing digital identities has never been more urgent. As we move toward a passwordless future, passkeys, backed by device-based biometrics and public key cryptography, are poised to reshape authentication. By the end of 2025, 25% of the world’s top 1,000 websites are expected to support passkeys, a shift driven by their ability to prevent phishing attacks and data breaches while simplifying user experiences.
However, no solution is flawless. Passkeys, though promising, are still emerging. They face adoption hurdles, including limited support across platforms and challenges for users unfamiliar with biometric security or cryptographic keys. Transitioning to passwordless authentication demands more than just new technology, it requires layered defenses, strong recovery mechanisms, and continuous user education.
As authentication evolves, fundamentals still matter. Staying vigilant, practicing good security hygiene, and embracing modern tools like passkeys with eyes wide open is the best way forward.”
Carla Roncato, VP of Identity, WatchGuard Technologies
“As we mark another World Password Day, the conversation often turns to strengthening password habits and promoting password managers.
While those are necessary steps, there’s a deeper, more pressing issue that needs the spotlight: the thriving underground economy trading in stolen credentials on the dark web.
Today, it’s not just careless password reuse or weak combinations that pose a threat, it’s the industrial-scale theft and sale of login data. Credentials are harvested through phishing, malware, and breaches, then packaged, sold, and exploited at astonishing speed. A single leaked password doesn’t just unlock one account, it can be a skeleton key to an entire digital identity.
The question is no longer “Are your passwords strong enough?” but “Do you know if your credentials are already out there?”
Organisations must treat credential exposure as a threat to be actively mitigated, not just a hygiene issue. That means proactive monitoring of the dark web, real-time alerting on compromised credentials, and an incident response plan that assumes breach, not just tries to prevent it.
Cybercriminals have evolved. It’s time our mindset around password security evolves too.”
http://itwire.com/security/expert-commentary-world-password-day.html