You wish you were passwordless. But you’re not.
May 7, 2026
It’s World Password Day again.
Time for the reminders: update your passwords, make them longer, don’t reuse them. All good advice. But it misses something.
Most of us don’t actually want passwords. We want them gone—replaced by something cleaner, invisible, safer by design. Passkeys, biometrics, devices that just know it’s you. That’s the direction, and it’s a good one.
But here’s the part we don’t say out loud: we’re not there yet.
Passwords are still everywhere—especially in the places that matter most. Legacy systems. Service accounts. Scripts no one wants to touch. Hybrid environments holding everything together. The less visible it is, the more critical it usually is.
Kevin Mitnick once said, “The human factor is truly security’s weakest link.”
It’s a simple point. It reframes the problem. This isn’t about clever combinations of characters or complexity rules. It’s about access—and how easily it can be misused.
And now, AI is accelerating that risk. What used to take time—guessing, cracking, testing credentials—can now be automated and scaled. Faster guesses, smarter patterns, better targeting.
If a credential works, it works—and that’s enough.
We’re living in the middle. Passkeys are growing, passwords are lingering, and identity has become the control plane for everything. That tension is where risk lives.
And then there’s the human side. We forget. We reuse. We share when it’s easier than doing it right. At 20 people, you can get away with it. At 100, it starts to crack. At scale, it breaks quietly—no big event, just small gaps that add up.
If you want a practical look at what that breakdown actually looks like as teams grow, Sascha Marten breaks this down.
Longer passwords help. Passphrases help. But they’re still credentials. They can still be exposed, reused, and passed around. Length doesn’t change what really matters: access.
And if passwords are going to exist, they need guardrails. Jeremy Moskowitz makes the point well: you still have passwords—so you need to enforce how they’re created and used.
So what do you do—not in some future state, but right now, while passwords still exist?
You don’t chase perfection. You control what’s real. Who has access, where it lives, how it’s used, and when it changes.
Vince Lombardi said it better than I can: “Perfection is not attainable, but if we chase perfection we can catch excellence.” Passwordless is coming. But control is today.
So yes—use World Password Day to raise awareness. But don’t stop at better passwords. Focus on what they unlock.
Share on
Learn More
About the author
Grady Summers
Chief Executive Officer
Grady Summers brings 20+ years of cybersecurity expertise and a proven track record leading product innovation and transformational growth. He’s held leadership roles at pioneering companies like SailPoint, FireEye, GE, and Mandiant, where he drove SaaS transformation and portfolio expansion. With hands-on experience across global markets and customer-facing roles, Grady pairs boardroom strategy with boots-on-the-ground insight. While he is recognized industry leader in cybersecurity, Grady maintains his connection to nature by spending his spare time planting trees on his Pennsylvania farm. He holds an MBA from Columbia University and a bachelor's degree in computer systems management from Grove City College.