SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

Password security evolves as regulations & threats intensify

Today

Organisations are being urged to strengthen account security protocols as password technologies continue to evolve amid increasingly sophisticated cyber threats and stricter regulatory requirements.

Nicolas Fort, Director of Product Management at One Identity, described the evolution of password technologies from their inception to the current digital security landscape.

"Passwords have come a long way, from punch-tape reels in 1961 to the world of multi-factor authentication and fingerprint identification we inhabit today. The next leap is already happening – passkeys tied to devices, one-time AI-generated tokens, and even blockchain-backed session receipts," said Fort.

"It's no accident that password technology is constantly evolving. Cyberattacks are more frequent, threat actors have more sophisticated tools at their disposal, and as businesses continue to store more and more sensitive data online, regulators are rightly demanding that they keep up," he added. 

The growing complexity of the cyber threat landscape has driven developments in authentication technologies. Newer approaches involve device-linked credentials, artificial intelligence-generated temporary codes, and digital session validation using technologies like blockchain.

Alongside these technological shifts, multiple regulatory frameworks are compelling organisations to apply stricter access controls and authentication measures. Fort highlighted the significance of global and regional regulations governing data and account security.

"HIPAA, the EU's NIS2, the UK's Cyber Resilience Act, DORA and countless other rules and regulations all now demand rock-solid control over user accounts at every single touchpoint. That means audited sessions, behavioral analytics, rotating passwords, and just-in-time credentials – so that no matter how hard attackers try, there's simply nothing there to steal," Fort stated.

In addition to standard password protection, best practices now frequently include advanced monitoring and analytics, such as tracking user behaviour and conducting regular audits of account activity. Rotating passwords and just-in-time credentialing are designed to further minimise the window of opportunity available to cybercriminals.

Regulators are also mandating transparency and accountability in how access to sensitive data is managed. Requirements include detailed logs of account access, multi-factor authentication, and proactive identification of suspicious activity.

Fort's comments come as organisations assess their preparedness for growing regulatory oversight and cyber risk. The push towards technologies such as AI-driven authentication and blockchain-backed credentials is propelled by a need to outpace threat actors and provide compliance assurances to regulatory bodies.

Security specialists emphasise that the continued evolution of password technologies is crucial as attack methods become more sophisticated. Organisations are being advised not only to implement newer technologies but also to enforce ongoing reviews of account access controls in line with regulatory guidance.

The landscape for password management now encompasses requirements for both technical security and strict regulatory conformance, reflecting broader trends in how businesses safeguard data and digital infrastructure against fraud and breaches.
