Passwords Are Still Failing Us (World Password Day 2026)
Despite World Password Day 2026 and years of advocacy for better authentication, compromised credentials remain the root cause of 88% of web app breaches — a staggering statistic that underscores a systemic failure in cybersecurity. The hosts of Shared Security Podcast argue that the real problem isn’t users, but the organizations that continue to deploy weak, outdated, or non-existent multi-factor authentication (MFA) controls. They call out major financial platforms like Bill.com for only recently adding MFA options and still defaulting to SMS — a method known to be vulnerable to SIM-swapping attacks. The episode exposes a troubling truth: most applications still don’t require strong MFA by default, and regulators are failing to enforce stronger standards. The hosts advocate for a 'name and shame' approach to pressure companies into action, while also highlighting a growing, overlooked crisis: digital legacy planning. They reveal that even legal documents like wills and power of attorney are insufficient for accessing digital accounts after death, and that sharing password vault folders doesn’t solve MFA or device access issues. The episode concludes with a call to action: organizations must stop prioritizing convenience over security, and individuals must start preparing for digital afterlife scenarios — before it’s too late.
88% of web app breaches in 2025 were due to compromised credentials — a failure rooted in weak system design, not user error.
Most organizations still offer only SMS-based MFA as the default, despite its known vulnerabilities to SIM-swapping attacks.
Regulators are setting the bare minimum for security; organizations must be forced to adopt stronger controls like passkeys and authenticator apps.
Sharing a password vault folder is not enough to grant access to accounts after death — MFA, device access, and biometrics must also be addressed.
Digital legacy planning is a critical but ignored issue: legal documents alone cannot grant access to digital accounts after death.
The Persistent Failure of Passwords
“88% of all web app breaches happened because of compromised credentials. So like, what is it? What is the core of the problem here and why is this problem so hard to solve?”
Why MFA Isn't the Default
“Why in 2026 are we just now offering a multi-factor authentication that isn't SMS? That's why we have World Password Day.”
The Myth of User Responsibility
The hosts argue that blaming users is a distraction. The real failure lies with developers and businesses that don’t enforce strong authentication by default, even when simple, low-cost solutions exist.
The Digital Legacy Crisis
“Sharing access to a folder in your password vault is enough to allow somebody to access all your accounts. What about MFA, all the stuff we talked about today? It's just so complicated now.”
A Call to Action: Name and Shame
“I'm going to be going on LinkedIn later on today to look and I'm just going to write them and say, hey, are you embarrassed to work for an organization that doesn't need transfers and doesn't know how to do MFA correctly in May?”
People: Kevin Tackett, Scott Wright
Organizations: Bill.com, GuardSquare, OCC
Other: Verizon Data Breach Report, PCI DSS
