As cyber threats rise, cybersecurity specialists emphasize the need for updated authentication practices, highlighting three essential approaches to strengthen password security: password managers, multi-factor authentication, and passkeys.
Three Strategies to Enhance Password Security
Cybersecurity specialists have identified three key approaches to strengthen password security, emphasizing the need for updated authentication practices amid rising cyber threats. A 2025 analysis by ESET, supported by data from industry reports, outlines these strategies to address vulnerabilities in current systems.
Password Managers: A Tool for Complexity
Password managers, despite their effectiveness in generating and storing complex credentials, remain underutilized. The Descope State of Customer Identity 2025 report indicates that only 3% of compromised passwords met basic complexity standards, while global adoption rates for password managers are approximately 30%, according to Jake Moore of ESET. These tools mitigate password fatigue by eliminating the need for users to recall multiple passwords. However, reliance on traditional username/password authentication persists, with 87% of organizations still using this method. This approach leaves systems exposed to brute-force attacks, which have increased threefold since 2024, with 60% of Basic Web Application Attacks now involving such tactics.
Multi-Factor Authentication: Limitations and Risks
Multi-factor authentication (MFA) is widely recommended but inconsistently implemented. While 94% of organizations employ some form of MFA, only 10% apply it universally. Attackers have developed methods to bypass MFA, including token theft (31% of bypass incidents) and prompt bombing (22% of cases). The 2025 data highlights MFA’s limitations: it reduces the risk of credential theft but is not foolproof. Adversary-in-the-middle (AITM) attacks account for 9% of MFA bypasses, underscoring the need for layered security measures beyond MFA alone.
Passkeys: A Passwordless Solution
The adoption of passkeys, a passwordless authentication method using public-key cryptography, is gaining traction. The FIDO Alliance reports that 75% of global consumers are aware of passkeys, with 28% enabling them when possible. Organizations are also accelerating deployment, with 45% already using passkeys in applications and 27% planning implementation within two years. However, challenges persist: only 36% of accounts utilize passkeys, although 93% of user accounts are eligible for the technology. The transition requires infrastructure upgrades and user education, as 22% of breaches still originate from credential abuse.
Cybersecurity Trends and Financial Impact
Data from 2024 reveals significant trends in cyberattacks. Over 2.8 billion passwords were available on criminal platforms, exposing millions to breaches. Phishing attacks surged to 1.96 million in 2024, a 182% increase since 2021. These attacks utilized 1.54 million unique domains, 37% registered in bulk for large-scale operations. The financial impact was severe, with $16.6 billion in direct U.S. losses reported in 2024, a 33% rise from the prior year.
Systemic Changes for Future Security
Experts stress the need for systemic changes to address outdated password systems. The Descope report notes that 84% of users reuse passwords, with ‘123456’ remaining the most common credential. A combination of password managers, enhanced MFA protocols, and passkey adoption is seen as critical for future authentication. However, the emergence of agentic AI presents new challenges, as it could exploit existing security gaps. Organizations must prioritize user-centric solutions that balance security with usability to protect digital assets effectively.
- newscientist.com | The 3 things you need to know about passwords, from a security expert
- descope.com | 50+ Customer Auth Stats To Keep in Mind for 2026
- deepstrike.io | Password Statistics 2026: Reuse, Breaches, MFA & Passkeys