As Employees Remain the Weakest Link, Experts Say It’s Time to Eliminate Passwords

Despite years of investment in cybersecurity awareness training, complex password policies, and multifactor authentication (MFA), human error remains a top cause of data breaches. According to IBM’s Cost of a Data Breach Report, 90% of successful cyberattacks and 70% of data breaches originate at endpoint devices, often triggered by employee workarounds under pressure to move fast. Experts say that instead of doubling down on user discipline, it’s time to rethink the access process itself.

“Empowering employees starts with simplifying secure access,” said Fran Rosch, CEO of Imprivata in a recent Forbes Tech Council article. “Tools like passwordless authentication and automated credential rotation reduce cognitive load and friction, helping prevent burnout while strengthening security.”

Password fatigue has long been one of the most overlooked contributors to risky user behavior. Employees managing dozens of complex logins across shared mobile devices, workstations, and applications often resort to workarounds, such as reusing credentials or leaving shared devices signed in between shifts. These small lapses can create large vulnerabilities, especially in fast-paced mission-critical environments like healthcare, manufacturing, and state and local governments.

By providing a passwordless login experience, organisations can eliminate one of the most error-prone aspects of the security chain. Passwordless authentication gives employees quick, secure access to the tools they need without introducing barriers that slow them down. When combined with automated credential rotation and single sign-on, passwordless access also improves visibility and accountability for IT teams while protecting sensitive data from unauthorised access.

Experts agree that designing security and access for human error, rather than trying to eliminate it, is the key to sustainable security. Simplifying secure access helps reduce stress, boost productivity, and close the gap between human error and cyber resilience. Ultimately, sustainable security comes from creating access that’s both secure by default and productive by design.

Learn how to simplify secure access through passwordless authentication.