Passwords are hot garbage – AI promises something better in 2025

The cybersecurity community disagrees on a lot, but we can agree on this. It seems that even information security professionals agree that passwords are hot garbage. The newly published one RSA ID IQ report asked more than 2,000 cybersecurity and technology professionals, geographically spread across 62 countries, how often they had to enter their password at work – 51% had to do so at least six times a day. Passwords are hard to remember, easily acquired by hackersand expensive to manage IT support. But that’s just skimming the surface of the real problem with passwords: Most data breaches start with compromised credentials. According to the RSA, AI could be the password-less savior waiting in the wings to rescue us from this mess in 2025.

ForbesNSA tells iPhone and Android users: Restart your device nowOf Davey Winder

The problem with passwords

I’m not one to generally agree with Bill Gates’ view of the tech landscape, but I can’t argue with his logic for the death of passwords: “They just don’t meet the challenge for anything you want to insure.” Unfortunately, this prediction was made by Gates in 2004 and passwords have yet to get the message.

The problem is that passwords just don’t work. They are too complex, not helped by outdated practices such as password rotation that lead to regular changes for users and rules that restrict the construction of said passwords in a framework that is far too rigid for beginners.

While it may surprise you, coming from Steve Won, Product Manager at 1Password, a leading vendor in the password management space, password hashing is something that most security professionals see the benefit of: “Without passwords, there is nothing to steal, making social engineering attacks like phishing ineffectiveWon said.

ForbesWhy You Shouldn’t Be Changing Your Passwords Like It’s 1999Of Davey Winder

Paving the way to password-free with AI

If one message is highlighted by the RSA ID IQ report, then it would appear that AI and passwordless are the future, and that future is coming fast. Going back to that 51% of users who need to enter their password credentials at least six times a day, 20% said they need to enter the thing more than 11 times, it’s no wonder this friction is causing enterprises to look for something better. Some 61% said they plan to implement a password-free solution in 2025.

Of course, things are never that simple when it comes to enterprise security, and the RSA report asked what factors were preventing people from making the transition to a password-free world at work.

• 24% said passwordless standards are not mature enough for enterprises.
• 21% cited lack of native platform support.
• 15% said they don’t trust passwordless login.
• 11% said passwordless is a consumer or personal technology.

Interestingly, a relatively small percentage of 13% of people cited lack of budget. Which is good news for those looking to bring AI solutions into the worldless equation. “AI solutions can enable a world without passwords, removing the identity approach based on what you know about who you are and what you do as a normal model,” said Ghai.

ForbesUsername More than 52 characters? No password required, Okta saysOf Davey Winder

So, for example, if a user logs in from the same device at the same time and accesses the same resources as always, then it’s probably low risk from an authentication perspective. “But if they suddenly connect from a new device pinging from an unknown network at an unusual time,” Ghai said, “then the AI ​​should be able to recognize those signals, automate a response and alert the security team “. Also, if an organization experiences an increase in failed logins to a resource that is secured by a password, then it is likely to be hit by a password spraying attack “and should tighten its authentication requirements.”

The challenges of adopting AI for identity security in a world without passwords

While he agreed that defining what is meant by AI itself is a problem and that the term has been significantly overblown, Ghai said the main challenges to adopting AI for identity security are not that different from any other field . “As we get help from AI to make critical decisions around identity,” Ghai said, “we’re not going to have the luxury of knowing why it made a certain decision. We’ll just have to trust her and that trust will take some time to develop.” One thing is for sure: the end of dependence on insecure passwords is coming, and it’s coming sooner than many would expect, thanks to artificial intelligence.