From passkeys and Zero Trust to AI agents and continuous verification, organisations are redefining identity security in an increasingly automated world.
World Password Day arrives at a defining moment for cybersecurity. For decades, passwords formed the foundation of digital trust, protecting everything from personal banking and enterprise systems to critical infrastructure. Today, however, the password itself is under growing pressure. Cybercriminals no longer rely solely on brute force attacks or technical exploits. Increasingly, they log in using stolen credentials, AI-generated phishing campaigns, deepfake impersonation, session hijacking, and compromised digital identities.
Across the Middle East, rapid digital transformation, cloud adoption, and AI-driven automation are reshaping the security landscape at unprecedented speed. Governments and enterprises are accelerating their shift towards identity-first security models, adopting Zero Trust frameworks, phishing-resistant authentication, passkeys, biometrics, and continuous verification mechanisms. At the same time, the rise of AI agents, machine identities, and autonomous workflows is expanding the attack surface far beyond human users alone.
The conversation around World Password Day is therefore evolving. It is no longer simply about creating stronger passwords or changing them regularly. The focus is shifting towards securing identities, limiting trust, continuously monitoring behaviour, and reducing reliance on passwords altogether in an AI-driven world.
As organisations navigate this transition, cybersecurity leaders across the region are calling for a rethink of how trust, authentication, and access are managed in the modern enterprise.
Industry Voices
From passwordless architectures and phishing-resistant authentication to Zero Trust strategies and AI identity governance, industry experts share how organisations are preparing for the next phase of identity security and why the future of cybersecurity may no longer revolve around passwords alone.
Morey Haber, Chief Security Advisor, BeyondTrust
World Password Day should mark the decline of passwords rather than celebrate them, as stolen credentials, password spraying and replay attacks continue to fuel identity compromise. Passwords alone are no longer an effective security control, especially as both human and machine identities become attack vectors. BeyondTrust urges organisations to move towards passwordless architectures, least privilege, just-in-time access, continuous authentication and behavioural monitoring.
Ezzeldin Hussein, Regional Senior Director, Solution Engineering, SentinelOne
Across the region, organisations are moving beyond password-based security as digital transformation accelerates and cyber threats become more complex. National initiatives such as UAE PASS have shown how federated, biometric digital identity can work at scale, creating a strong model for enterprises to follow. Businesses must adopt phishing-resistant MFA, such as passkeys or hardware security keys, while removing standing privileges and treating identity security as a year-round operational priority.
Meriam ElOuazzani, Vice President for Middle East, Turkey, and Africa, Censys
Identity security is increasingly being treated as a board-level risk rather than a narrow IT project. The shift towards passwordless and identity-first architectures is accelerating as AI-driven phishing, credential theft and account compromise continue to rise. Censys also highlights the role of reconnaissance in identity attacks, where phishing campaigns rely on look-alike domains and exposed infrastructure.
Keyur Shah, Associate Field CISO, Sophos
Across enterprises, attackers are increasingly logging in with valid credentials rather than breaking into systems. The response is a phased move towards identity-first security, with organisations reducing password dependency through phishing-resistant MFA, device trust, conditional access, passkeys and biometrics. Sophos also highlights the growing importance of session security as token theft, session hijacking and privilege escalation become major attack paths.
Dr. Martin Kraemer, CISO Advisor, KnowBe4
The regional security conversation is shifting from password-based controls to identity-first and passwordless models as AI-driven phishing, password spraying and credential theft increase. Zero Trust architectures, passkeys, biometrics and hardware security keys are becoming key to verifying every access request in context. User awareness remains critical, with employees needing training on passkeys, stronger authentication, voice phishing and deepfake-enabled impersonation.
Janne Hirvimies, CTO, QuantumGate
Enterprises are moving beyond passwords as credential theft, AI-driven phishing and rising breach costs increase pressure on security teams. The shift is towards identity-first models, phishing-resistant authentication and passwordless systems where credentials are not centrally stored or reused. QuantumGate’s Salina solution is built to ensure credentials are not stored or transmitted in a reusable form, while supporting sovereign, phishing-resistant identity infrastructure developed in the UAE.
Ramanathan Kannabiran, Director of Product Management, ManageEngine
The move from password-based security to identity-first architectures is being driven by regulatory pressure, rising credential attacks and the need to secure both human and machine identities. ManageEngine highlights that passwordless security is a phased journey, especially across legacy systems, hybrid cloud and non-human identities such as service accounts, API keys and AI agents.
Mohammed Aboul-Magd, VP of Product, Cybersecurity Group, SandboxAQ
World Password Day must evolve beyond human passwords to address the rise of AI agents acting on behalf of people and businesses. These agents increasingly access systems, update records and make decisions using digital credentials that may be issued once and rarely reviewed. SandboxAQ warns that the next identity risk is not only stolen passwords, but unchecked agent permissions.
Mortada Ayad, VP – META, Delinea
World Password Day is a reminder that password fatigue and poor security habits still create major risks for organisations. Modern password management must go beyond vaulting to include role-based access, continuous verification and just-in-time privileges. Delinea also stresses the need to secure non-human identities, including service accounts, applications, APIs, automation tools and AI agents.
Ziad Nasr, General Manager – Middle East, Acronis
In the UAE, credential-based attacks remain one of the simplest and most effective ways for attackers to gain access. Strengthening passwords, enabling multi-factor authentication and staying alert to phishing attempts remain critical steps in reducing risk. As the UAE continues its rapid digital growth, securing access at the identity level will be key to long-term resilience.
Stephen Ong, Co-Founder, Vault22
For fintech users, weak passwords remain one of the most preventable security risks. Even one compromised password can expose users to financial loss, making long, unique passphrases and avoiding password reuse essential. Users should also enable multi-factor authentication and use password managers to maintain strong credentials across financial apps.