
Cybersecurity firm Sophos has emphasized the limitations of passwords and knowledge-based authentication techniques as the world gets ready to celebrate World Password Day 2025.

Passwords are the key to keeping our digital lives secure. However, a forgotten, lost, or breached password can cause considerable distress. World Password Day is held annually on the first Thursday of May to encourage healthy password management and raise awareness of password use and cybersecurity.

World Password Day—which was first introduced by tech giant Intel in 2012—has unexpectedly expanded to become an annual reminder that password security is essential to maintaining the security of your accounts. The goal of this event is to encourage improved cybersecurity practices. We use passwords to access social media, private work, banking, dating, online shopping and communications. This makes them essential gatekeepers to our digital identities.

Sophos Calls For Fewer Passwords and More Web-Authentication

Sophos, a prominent cybersecurity firm, has called for the use of web authentication (WebAuthn), or passkeys in particular, to protect against phishing attacks. This approach creates a distinct public/private cryptographic key pair at the time of account creation. The private key is stored locally at the user's end along with the site name and user ID, while the public key is saved on the site's server.

An account user no longer has to provide a password or secret code that was sent to them via SMS or an authentication app. Instead, the user must physically hold the device on which the account was registered and be confirmed as the owner of the private key.

The confirmation must be done through biometric verification, after which the server then processes a digital authentication request. Two criteria still form the basis of authentication in the WebAuthn technique. These are the user’s physical possession of the gadget and their personal biometric traits rather than their knowledge. Therefore, they are theoretically impervious to theft using standard phishing techniques.
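The flow described above can be sketched as code. This is an added example, not Sophos's code and not the real WebAuthn message format: the `Authenticator` and `Site` classes, the `bank.example` names and the `userVerified` flag (standing in for the biometric check) are assumptions made for illustration. It shows why a look-alike page gets nothing it can use: the device holds a key only for the site it registered with, and the server rejects replayed or mis-scoped responses.

```javascript
const crypto = require('crypto');

// Simplified model of the passkey flow (illustrative, not the WebAuthn wire format).
class Authenticator {
  constructor() { this.credentials = new Map(); } // site name -> { userId, privateKey }
  register(site, userId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.credentials.set(site, { userId, privateKey });
    return publicKey; // only the public half ever leaves the device
  }
  // `site` is the origin the browser actually loaded, not what the page claims to be.
  sign(site, challenge, userVerified) {
    const cred = this.credentials.get(site);
    if (!cred || !userVerified) return null; // no key for this site, or no biometric check
    const clientData = JSON.stringify({ site, challenge });
    const signature = crypto.sign('sha256', Buffer.from(clientData), cred.privateKey);
    return { userId: cred.userId, clientData, signature };
  }
}

class Site {
  constructor(name) { this.name = name; this.publicKeys = new Map(); this.pending = new Set(); }
  enroll(userId, publicKey) { this.publicKeys.set(userId, publicKey); }
  newChallenge() {
    const c = crypto.randomBytes(32).toString('hex');
    this.pending.add(c);
    return c;
  }
  verify(assertion) {
    if (!assertion) return false;
    const publicKey = this.publicKeys.get(assertion.userId);
    if (!publicKey) return false;
    const data = JSON.parse(assertion.clientData);
    if (data.site !== this.name) return false;              // signed for another site
    if (!this.pending.delete(data.challenge)) return false; // unknown or already-used challenge
    return crypto.verify('sha256', Buffer.from(assertion.clientData), publicKey, assertion.signature);
  }
}

function demo() {
  const device = new Authenticator();
  const bank = new Site('bank.example'); // constructed sample names
  bank.enroll('alice', device.register('bank.example', 'alice'));
  const ok = device.sign('bank.example', bank.newChallenge(), true);
  const legit = bank.verify(ok);
  const replay = bank.verify(ok); // the same response presented a second time
  const phished = bank.verify(device.sign('bank-login.example', bank.newChallenge(), true));
  const noBiometric = bank.verify(device.sign('bank.example', bank.newChallenge(), false));
  return { legit, replay, phished, noBiometric };
}
```

Only the first login succeeds; the replayed response, the look-alike site and the attempt without user verification are all rejected.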

Passwords and Cybersecurity on World Password Day 2025

This new industry standard attempts to simplify user authentication while providing a solid defense against phishing, the main route for credential theft. Even though WebAuthn is a big step forward, there are still several vulnerabilities, so constant attention is needed. The devices or cloud environments that contain authentication keys must be adequately safeguarded. Furthermore, market adoption is essential for the successful transition to WebAuthn.

Cybercriminals may still be able to get around these new safeguards by stealing session cookies. Keep in mind that fraudsters are always refining their attack techniques. Adopting these technologies needs to be a top cybersecurity priority for companies nowadays.

The Director of Global Field CISO at Sophos, Chester Wisniewski, stated that the world must stop depending on shared secrets and passwords.

Final Notes

The most reliable way to create a future free of phishing attacks at this time is to use WebAuthn. This World Password Day is an excellent opportunity to review your online accounts through the prism of security. Verifying your password's security is quite easy. It might save you hours of effort trying to regain your account once it is breached.
