Why the day of the password is over

As the sophistication and volume of cyberattacks continues to evolve, passwords may no longer be enough to protect critical company data. Hackers are bypassing password protocols, attacks through the supply chain are increasing, and human error remains one of the top causes of data breaches.

In fact, brand-new research carried out by Landmark and Censuswide this month (January 2026) found that 14% of office workers in Ireland use the same password across both work and personal accounts, while 16% admit to having written down a work password in a physical notebook or diary.

In this blog, we explore why some businesses are moving beyond passwords and why privileged access management (PAM) – which ensures only authorised users can access sensitive or confidential information – could be the future of data security.

Let’s take a step back and examine some of the most common methods of password attacks. Most of us will be familiar with phishing, which uses fraudulent emails to trick victims into handing over personal information, but what about the lesser-known methods of attack which are keeping IT teams up at night?

‘Password cracking’ using malicious software programmes is becoming increasingly prevalent, helped by advances in artificial intelligence (AI), which is making it even easier for cybercriminals to crack codes and break into systems. A ‘brute force’ attack happens when cybercriminals essentially guess password combinations through trial and error. Easy-to-guess passwords are at particular risk from this type of attack – and our recent survey found that 14% of office workers use a password that contains personal information such as a name or birthday.

Meanwhile, ‘shoulder surfing’ attacks occur by simply looking over someone’s shoulder and seeing their password as they type it. This can happen both in public (either physically or via cameras) or, indeed, in the office (insider threats) and can be exacerbated by remote and hybrid working practices.

The growing ease with which attackers can gain access to an organisation’s systems via passwords is forcing business leaders to rethink their password security policies and explore other ways of protecting their critical data.

PAM works on the basis of ‘least privilege’, meaning that only those with the correct authorisation (such as system administrators) can gain access to particular data or systems. Essentially, it controls who can do what within your network. The solution stores passwords in secure vaults, grants permission to authorised users, and resets credentials at regular intervals for added security and compliance.

In turn, strict authentication rules reduce the cyber attack surface, secure data against growing cyberthreats, and provide full visibility over who has access to what data (and, indeed, who is actively accessing this data). This type of access control can be especially beneficial for businesses in highly regulated industries or those with strict compliance requirements.

Employees are often the weakest link when it comes to securing your business’s operations and, regardless of the size of your business or the industry you operate in, secure password storage and management is paramount. Our research shows that 16% of employees didn’t change or update any of their work passwords in the last year, while nearly a fifth (18%) used the same password for multiple work accounts.

As we enter 2026, now is the time to examine the password security policies in place and consider implementing a more advanced process, such as privileged access management, if those policies no longer meet requirements. Not only will it provide enhanced protection for your data, but it will streamline business operations, minimise downtime, and build increased trust with customers.

To find out more about Landmark’s cybersecurity services, speak to our highly skilled technical or customer service teams. Call us on 01 569 1056 or email hello@landmark.ie.