World Password Day 2026: Here’s what some technology and industry experts say:
Rizwan Patel, Global Head Cloud, Infosec and Emerging Technologies, Altimetrik

“Identity has become the primary attack surface, with passwords emerging as one of its most vulnerable links. As enterprises scale their digital business across cloud, APIs, and interconnected ecosystems, the idea of a fixed security perimeter has steadily faded, bringing authentication to the forefront of risk management and trust.
This shift moves authentication beyond a technical control to a strategic business priority. However, the transition is not without challenges. Organizations continue to navigate legacy dependencies, fragmented identity systems, and user friction associated with stronger authentication measures. At the same time, threat actors are using AI and automation to exploit credentials with greater speed and precision.
What makes this moment distinct is that the identity surface has expanded well beyond human users and now increasingly incorporates service accounts, API tokens, CI/CD pipelines and autonomous AI agents accounting for the majority of authentication events in enterprise environments. Yet most NHI operate without equivalent governance, carrying standing privileges, rotating credentials infrequently, and rarely being audited with the same rigor applied to humans. As agentic AI takes on more consequential roles, this gap becomes one of the most underappreciated risks in enterprise security.
Addressing this requires a shift from static credentials to continuous, context-aware security. Passwordless authentication, multi-factor authentication, zero trust frameworks, and identity as code, wherein credentials are ephemeral, policies are version-controlled, and access is governed as part of the engineering lifecycle, must work alongside intelligent threat detection and secure engineering practices. At Altimetrik, these principles are embedded through DevSecOps and advanced security solutions. World Password Day is a timely reminder that strengthening identity and authentication, for every identity, human or machine, is essential to building resilient and trusted digital businesses.”
Andrew Spangler, Senior Director, Security & Compliance, Harness

“Security is no longer limited to better password habits, but requires us to fundamentally rethink how we approach identity in a world of AI-driven threats. While individuals can be careful, traditional passwords are steadily losing relevance, as the threat landscape has far outpaced what static credentials were ever designed to handle.
The response to this shift cannot be incremental. Passkeys and passwordless authentication need to become the default to eliminate shared secrets and reduce phishing risk at scale. In parallel, the fundamentals must be enforced—long, unique passphrases, mandatory multi-factor authentication, and password managers to eliminate reuse are table stakes for any modern security posture.
More importantly, this calls for a shift in mindset. Security needs to become continuous, embedded, and system-driven. Every access point, identity, and interaction needs to be part of an active defence model that adapts in real time.
The goal isn’t to make security more complex for users, but to make it more resilient by design. This is the moment to move from passive protection to active defence—because standing still is the biggest threat in an AI-driven landscape.”
Parag Khurana, Country Manager, Barracuda Networks India

“World Password Day is a reminder for better individual password hygiene, but for Indian organisations it highlights only a fraction of the wider identity challenge. Today, attackers aren’t breaking in, they’re logging in. Credentials have effectively become a form of currency in the cybercrime economy, with infostealers and dark‑web marketplaces making it easier than ever for attackers to obtain valid logins. Stolen credentials, dormant accounts and unsecured third‑party access have become some of the most effective entry points for cybercriminals. Strengthening identity consistently across the organisation has to be a priority. That means moving beyond traditional passwords and adopting phishing‑resistant MFA, ideally through authentication apps rather than SMS. It also means continuously reviewing who has access, how long they’ve had it, and whether those accounts are still active or necessary. And because even strong authentication can be bypassed, organisations also need continuous monitoring through XDR to flag unusual logins, impossible travel activity and other behavioural anomalies before they escalate. World Password Day may spark the annual conversation, but the growing issue is securing the entire identity ecosystem that protects modern businesses.”
Balaji Rao, Area Vice President, India & SAARC, Commvault

“Password Day must now be seen as a wake-up call for securing every digital identity, human and non-human. We are witnessing an unprecedented expansion of digital identities, where AI agents are no longer supporting actors but autonomous participants in business processes, each requiring authentication, authorization, and oversight at a scale traditional systems were never designed to handle.
In India’s rapidly digitizing economy, this shift is becoming a boardroom priority as enterprises scale AI across functions, customer touchpoints, and critical operations. Every AI agent accesses user-specific data, workflows, and multiple applications, and therefore needs a unique identity and clearly defined access rights. Strong encryption, strong multi-factor authentication, multi-person approval, and centralized identity management remain mandatory.
Alignment with evolving frameworks such as the DPDP Act further reinforces accountability. Enterprises that enforce strict governance over AI identities will be better positioned to secure operations at scale.”
Shakeel Khan, Regional Vice President and Country Head, Okta India

“Passwords have long been the weakest link in security: they are easy to forget, reuse, and exploit. As we mark World Password Day, the shift to passwordless authentication is no longer a future vision but a present necessity. The focus now should be on adopting modern authentication methods such as biometrics, device-based verification, and phishing-resistant standards like passkeys, which offer both stronger security and a seamless user experience. This imperative extends beyond human identities, as AI agents now operate autonomously across enterprise systems, and they cannot rely on passwords either. A credential exposed through an agent carries the same risk as one stolen from a human, often with far less visibility. At Okta, we see going passwordless as a critical step toward building a safer, more intuitive digital world, one that must extend to every identity in it. With Okta for AI Agents, organisations can discover shadow AI, enforce least-privilege access, and govern agent permissions over time, ensuring that the vulnerabilities we are working to eliminate for humans are never allowed to take root in our AI workforce.”
