Sign up to save your podcasts
Or
Share The Death of Passwords: The Future of Authentication
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
The Death of Passwords: The Future of Authentication
Is passwordless authentication finally ready for prime time, or are we just replacing one set of problems with another?
Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, we're tackling one of the oldest challenges in information security: identity and access management.
I'm joined by David Higgins, CTO at CyberArk and Murtaza Hafizja, Senior Technical Product Marketing Leader from OneSpan, who bring decades of combined experience from the front lines of identity, authentication and access control. Together, we explore how the industry has evolved from simple username/password combinations to biometrics, passkeys and continuous authentication and where the technology is heading next.
Summary
We examine the persistent challenges around identity management, from the struggle between security and user convenience to the explosion of non-human identities that now need managing. David explains why privilege access management has evolved from credential vaulting to zero standing privileges and how cloud environments have created both opportunities and complexities with their tens of thousands of granular permissions. Murtaza tells us about the passwordless evolution, why risk-based authentication is making a comeback and the real barriers to rolling out modern authentication at scale.
Whether you're a CISO wrestling with third-party access, an IT manager trying to balance security with productivity or just someone interested in where authentication is heading, you'll get honest perspectives on what works, what doesn't and what's actually achievable.
Key Talking Points
- The Passwordless Evolution and What It Really Means Learn why passwords are finally on their way out (mostly), how passkeys and biometrics have moved from niche to mainstream and why the technology that failed 20 years ago is now becoming the de facto standard for authentication.
- Zero Standing Privilege and the Cloud Permission Problem Discover how cloud environments have paradoxically made privilege management both more granular and more complex, why organisations are moving away from permanent permissions and how just-in-time access is becoming essential for modern infrastructure.
- Continuous Authentication and Behavioural Analysis Understand why a single login authentication isn't enough anymore, how attackers are owning identities by exploiting help desks and why monitoring user behaviour patterns might be the key to stopping credential-based attacks before they cause damage.
On the security of key documentation:
"Attackers aren't breaking in anymore, they're logging in."
David Higgins, CyberArk
Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
In this episode, we covered the following topics:
- The Evolution of Identity Management How authentication has cycled through different approaches over 30 years, from basic username/password to biometrics that failed, then succeeded and why we're finally at a point where passwordless is achievable at scale.
- From Too Little Granularity to Too Much Why early operating systems forced an all-or-nothing approach to permissions, how cloud providers now offer tens of thousands of different roles and entitlements and why this has made principle of least privilege almost impossible to implement upfront.
- Zero Standing Privilege as the New Normal How organisations are moving away from permanent permissions toward just-in-time access, why no one should have standing privileges anymore and how this approach aligns with modern cloud environments.
- The Passwordless Movement Goes Mainstream What's changed to make passwordless authentication viable now, why passkeys are moving from hype to implementation and the real challenges of rolling out modern authentication to millions of users.
- Third Party and Non-Human Identity Challenges The growing problem of managing identities for contractors, suppliers, automated systems and AI and why this volume of identities is creating new security and access control headaches.
- Continuous Authentication and Risk-Based Approaches Why logging in once isn't enough anymore, how behavioural analysis can detect when an owned identity is being misused and why risk-based authentication is making a comeback after years of being overlooked.
- The Help Desk as Attack Vector How attackers are purchasing stolen credentials then simply calling help desks to reset MFA tokens, why context matters as much as credentials and what this means for authentication strategies.
- Balancing Security Friction with User Acceptance Why completely frictionless security is impossible, how to find the right balance between protection and productivity and why users will find workarounds if authentication becomes too painful.
- Privilege Access Management Evolution How PAM has evolved from simple credential vaulting to addressing root causes, why managing secrets at scale remains challenging and the shift toward eliminating standing privileges entirely.
- The Privacy vs Security Dilemma Concerns around government databases for digital ID verification, the risks of centralised identity storage and why securing authentication data is becoming more critical as we move toward digital-first validation.
Resources Mentioned
CyberArk
OneSpan
Gartner Hype Cycle for Digital Identity
FIDO Alliance
Principle of Least Privilege
AWS (Amazon Web Services)
Microsoft Azure
Google Cloud Platform (GCP)
WebAuthn
CTAP (Client to Authenticator Protocol)
UK Digital ID Verification
Connect with your host James Rees
Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.
Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.
With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.
For more information about us or if you have any questions you would like us to discuss email [email protected].
If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.
LinkedIn: Razorthorn Security
YouTube: Razorthorn Security
TikTok: Razorwire Podcast
Instagram: Razorwire Podcast
Twitter: @RazorThornLTD
Website: www.razorthorn.com
All rights reserved. © Razorthorn Security LTD 2025
View all episodes
By Razorthorn SecurityIs passwordless authentication finally ready for prime time, or are we just replacing one set of problems with another?
Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, we're tackling one of the oldest challenges in information security: identity and access management.
I'm joined by David Higgins, CTO at CyberArk and Murtaza Hafizja, Senior Technical Product Marketing Leader from OneSpan, who bring decades of combined experience from the front lines of identity, authentication and access control. Together, we explore how the industry has evolved from simple username/password combinations to biometrics, passkeys and continuous authentication and where the technology is heading next.
Summary
We examine the persistent challenges around identity management, from the struggle between security and user convenience to the explosion of non-human identities that now need managing. David explains why privilege access management has evolved from credential vaulting to zero standing privileges and how cloud environments have created both opportunities and complexities with their tens of thousands of granular permissions. Murtaza tells us about the passwordless evolution, why risk-based authentication is making a comeback and the real barriers to rolling out modern authentication at scale.
Whether you're a CISO wrestling with third-party access, an IT manager trying to balance security with productivity or just someone interested in where authentication is heading, you'll get honest perspectives on what works, what doesn't and what's actually achievable.
Key Talking Points
- The Passwordless Evolution and What It Really Means Learn why passwords are finally on their way out (mostly), how passkeys and biometrics have moved from niche to mainstream and why the technology that failed 20 years ago is now becoming the de facto standard for authentication.
- Zero Standing Privilege and the Cloud Permission Problem Discover how cloud environments have paradoxically made privilege management both more granular and more complex, why organisations are moving away from permanent permissions and how just-in-time access is becoming essential for modern infrastructure.
- Continuous Authentication and Behavioural Analysis Understand why a single login authentication isn't enough anymore, how attackers are owning identities by exploiting help desks and why monitoring user behaviour patterns might be the key to stopping credential-based attacks before they cause damage.
On the security of key documentation:
"Attackers aren't breaking in anymore, they're logging in."
David Higgins, CyberArk
Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
In this episode, we covered the following topics:
- The Evolution of Identity Management How authentication has cycled through different approaches over 30 years, from basic username/password to biometrics that failed, then succeeded and why we're finally at a point where passwordless is achievable at scale.
- From Too Little Granularity to Too Much Why early operating systems forced an all-or-nothing approach to permissions, how cloud providers now offer tens of thousands of different roles and entitlements and why this has made principle of least privilege almost impossible to implement upfront.
- Zero Standing Privilege as the New Normal How organisations are moving away from permanent permissions toward just-in-time access, why no one should have standing privileges anymore and how this approach aligns with modern cloud environments.
- The Passwordless Movement Goes Mainstream What's changed to make passwordless authentication viable now, why passkeys are moving from hype to implementation and the real challenges of rolling out modern authentication to millions of users.
- Third Party and Non-Human Identity Challenges The growing problem of managing identities for contractors, suppliers, automated systems and AI and why this volume of identities is creating new security and access control headaches.
- Continuous Authentication and Risk-Based Approaches Why logging in once isn't enough anymore, how behavioural analysis can detect when an owned identity is being misused and why risk-based authentication is making a comeback after years of being overlooked.
- The Help Desk as Attack Vector How attackers are purchasing stolen credentials then simply calling help desks to reset MFA tokens, why context matters as much as credentials and what this means for authentication strategies.
- Balancing Security Friction with User Acceptance Why completely frictionless security is impossible, how to find the right balance between protection and productivity and why users will find workarounds if authentication becomes too painful.
- Privilege Access Management Evolution How PAM has evolved from simple credential vaulting to addressing root causes, why managing secrets at scale remains challenging and the shift toward eliminating standing privileges entirely.
- The Privacy vs Security Dilemma Concerns around government databases for digital ID verification, the risks of centralised identity storage and why securing authentication data is becoming more critical as we move toward digital-first validation.
Resources Mentioned
CyberArk
OneSpan
Gartner Hype Cycle for Digital Identity
FIDO Alliance
Principle of Least Privilege
AWS (Amazon Web Services)
Microsoft Azure
Google Cloud Platform (GCP)
WebAuthn
CTAP (Client to Authenticator Protocol)
UK Digital ID Verification
Connect with your host James Rees
Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.
Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.
With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.
For more information about us or if you have any questions you would like us to discuss email [email protected].
If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.
LinkedIn: Razorthorn Security
YouTube: Razorthorn Security
TikTok: Razorwire Podcast
Instagram: Razorwire Podcast
Twitter: @RazorThornLTD
Website: www.razorthorn.com
All rights reserved. © Razorthorn Security LTD 2025