SSL / TLS April 21, 2026

World Password Day: identity management strategies

Organizations in the financial and technology sectors are evaluating migration toward authentication schemes to reduce the attack surface and ensure operational continuity in the face of evolving digital threats. How can we prepare?


World Password Day originated with researcher Mark Burnett, who, in his book Perfect Passwords, proposed establishing a date to remind users and companies of the importance of creating secure access mechanisms. The initiative materialized in 2013 when Intel Security declared the first Thursday of May as the annual date to promote habits that protect digital identity in activities such as online shopping, banking, and personal communications.

Currently, the cybersecurity landscape in Argentina presents indicators that directly affect the cost structure of organizations. According to current statistics, one out of every three users suffered a security incident in the last year. Nestor Markowicz, COO of CertiSur, points out that this figure is not only an individual security problem, but also has a direct impact on companies. The executive explains that the main cost of these vulnerabilities lies in the consequences after the event: operational interruption due to compromised access, forensic resolution and recovery costs, loss of customers, and reputational damage.

In specific markets such as finance, healthcare, or e-commerce, an incident linked to credentials leads to user abandonment. For Markowicz, 'the key point is that compromised credentials are no longer a technical problem: they are a business problem'. This vision shifts the responsibility for cybersecurity from technical areas to executive decision-making tables.

Given this scenario, organizations are implementing technologies to reverse the dependence on passwords, which constitute the first vulnerable link in the security chain. The migration is oriented toward multi-factor authentication (MFA) schemes, passkeys, biometrics, and digital certificates. Added to these elements is post-quantum cryptography (PQC), designed to protect cryptographic mechanisms against future quantum computing capabilities. Although PQC does not directly replace passwords, it influences key-based credentials and passwordless authentication. In this regard, the COO of CertiSur states: 'The challenge is not only to move beyond passwords, but to ensure that new authentication models are resilient to future threats'.

Investment in cybersecurity presents a gap between risk perception and the execution of preventive measures, and the current investment model in many local companies is reactive. Faced with this, the paradigm shift proposed by the specialist consists of reducing the attack surface before the incident occurs, moving from post-incident protection to prevention based on three pillars: visibility of identities and access, automation to reduce human error, and risk-based access management. This approach requires investments in trust architectures, such as Zero Trust, identity and access management, and certificate lifecycle automation.

An emerging concept on the technology and finance agenda is crypto-agility. This capability allows organizations to identify the use of cryptography in their systems, migrate algorithms swiftly, and prepare for post-quantum standards. This strategy is relevant in the face of threats such as harvest now, decrypt later, where data is stolen in the present to be processed when quantum technology is available. According to Markowicz, 'prevention is no longer just avoiding the immediate incident, but protecting information in the long term, even against threats that are not yet widespread'.

In terms of market competition, the robustness of authentication systems becomes an advantage with consumers who are cautious with their data. 33% of users who were victims of fraud in the last year consider security as a decisive factor before conducting transactions or sharing information. Companies that consistently convey security improve conversion rates, reduce abandonment in digital processes, and strengthen long-term customer relationships. Markowicz emphasizes that this trust is built through real experience, offering simple but robust authentication processes and visible protection mechanisms, such as digital certificates. The executive maintains: 'Digital trust is no longer built only with what we protect today, but with the ability to demonstrate that we are prepared to protect tomorrow as well'.

On the other hand, corporate training to mitigate human error in hybrid work environments is evolving toward continuous training models and simulations of real social engineering attacks. However, the trend indicates that it is no longer sufficient to educate the user; systems must be designed so that human error is expected but not critical to the infrastructure. This is achieved by integrating training with password elimination and access automation.

Finally, the analysis of the current state of digital credentials suggests that the evolution toward robust identity models is a strategic necessity. Markowicz concludes: 'The challenge is no longer to have more secure passwords, but to stop depending on them. Organizations that evolve toward more robust digital identity models will not only reduce risks, but also build a competitive advantage based on trust. And on that path, preparing for future threats, such as the impact of quantum computing, is no longer optional, but part of a responsible security strategy'.

Prensario