In a world of outages and AI threats, passwords are no longer enough
For years, passwords have served as one of the default gatekeepers of digital access. But in today’s threat landscape, that foundation is becoming increasingly fragile. As identity becomes the primary target for cybercriminals, traditional advice around stronger, more complex credentials is no longer enough to keep pace with the scale or sophistication of modern attacks.
Get updated faster and for FREE: Download the Gulf News app now - simply click here.
The shift is undeniable. In the first half of 2025 alone, identity-based attacks surged by more than 32%, and it is estimated that 97% of them are password focused. Even as more sophisticated tactics evolve, most attackers are still exploiting the same fundamental weakness: credentials that are weak, reused and trusted far beyond the moment they were created.
What has changed is the environment in which those credentials are being tested. Recent internet outages and service interruptions have shown how quickly access controls can be impacted when systems are under pressure. In these moments, authentication processes may not function as intended, visibility is reduced, and additional verification steps are more likely to be delayed or bypassed. This creates an opening for attackers to exploit weak or compromised credentials, allowing them to gain access more easily and move across systems with less resistance. From there, attacks such as phishing, ransomware, data exfiltration, and misuse of remote access can scale rapidly, often accelerated by AI.
Taken together, these trends expose a critical gap in how organisations approach authentication. Many still treat it as a one-time event where trust is granted at login and maintained without further validation. In reality, once credentials are compromised, attackers do not need to bypass security controls. They simply log in and operate as legitimate users, often without being detected. As AI enables attackers to better mimic normal behaviour, distinguishing between legitimate and malicious activity becomes increasingly difficult.
The reality is that credential exposure, at some level, is inevitable. What sets resilient organisations apart from vulnerable ones is not whether than happens, but how quickly the misuse is detected and how effectively access is controlled before damage spreads.
This is where a shift in approach is taking place. At TrendAI, we see organisations of all sizes and industries strengthening their security posture by improving visibility across identities, endpoints, and cloud environments. This allows security teams to detect how compromised credentials are being used in real time, from unusual access patterns to lateral movement across systems. AI plays a critical role by analysing activity at scale, surfacing anomalies, and enabling faster, more informed responses before threats escalate.
In practice, this means reducing reliance on passwords while strengthening the ability to detect and respond to their misuse. Multi-factor authentication (MFA) has long been used as an additional layer of protection for passwords, while passwordless approaches are now gaining traction as organisations look to reduce reliance on credentials altogether. However, these measures must be supported by continuous monitoring that can identify suspicious activity as it happens.. Ultimately, speed is what defines resilience. The faster organisations can detect and respond to compromised credentials, the more effectively they can limit the impact on operations, data, and trust.
World Password Day should therefore serve as more than a reminder to update credentials. It should be a catalyst for organisations to rethink how trust is maintained in a digital environment where disruption is inevitable and identity is constantly under attack. Because in a landscape where digitisation is taking place faster than ever before, security today is no longer defined by what happens at login, but by how consistently and confidently trust can be verified over time.
- The writer is VP, Solution Engineering, AMEA, TrendAI
