Skip to main content

Cybersecurity

May 6, 2026

 

Is it time to log out of passwords?

As World Password Day approaches, Mastercard’s Alissa ‘Dr. Jay’ Abdullah’ explains why stronger passwords aren’t enough — and why the future is fewer passwords, not better ones.

google logo

Jacquie Giusti

Senior Specialist, Global Communications, Mastercard

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

For decades, passwords have been the default guardrail for everything from email and banking to streaming and shopping, and we now manage more logins than ever. And the habits that arise from juggling dozens or even hundreds of online accounts — reusing passwords, opting for easy-to-remember ones like “Admin” or “123456” — can turn a single breach into a much bigger headache.

World Password Day is May 7, and it’s a good time to ask a simple question: Are passwords still doing their job? The Mastercard Newsroom spoke with Alissa “Dr. Jay” Abdullah, deputy chief security officer at Mastercard, about what’s working, what isn’t, and where things are headed next.

Are passwords still a safe way to protect our accounts today?

Abdullah: Passwords still matter, but they can’t do the job alone anymore. Most of us juggle too many accounts, which leads to reused or forgotten passwords — and that creates risk.

Add in AI‑powered scams that make fake emails and messages harder to spot, and passwords become even easier to exploit. That’s why security today is about adding extra layers and moving toward simpler sign‑in options that don’t rely so heavily on passwords.

 

Now the real shift is happening: Instead of asking how to strengthen passwords, the question is how we rely on them less.

Alissa 'Dr. Jay' Abdullah

   

   

If passwords have limits, why are we still using them?

Abdullah: Because they’re familiar. They’ve been around forever, and they’re easy to roll out. We’ve added layers like multifactor authentication to make them safer, and that’s helped a lot. But it also adds steps, and it still doesn’t fully solve the underlying problem. So now the real shift is happening: Instead of asking how to strengthen passwords, the question is how we rely on them less.

 

Passkeys are getting a lot of attention. What makes them different?

Abdullah: Passkeys are a newer way to sign in that move us beyond traditional passwords entirely. Instead of remembering or typing anything, your device takes care of the authentication for you.

When you set one up, your device creates a pair of digital keys — one stored securely on your device and one used by the service to verify you. From there, you can unlock your account the same way you unlock your phone — with your face, fingerprint, or device PIN.

Nothing to type. Nothing to forget. Nothing for attackers to phish. And because the credentials stay locked to your device, they’re far harder to steal or reuse.

10 most commonly used passwords

 

According to the 2025 global report by NordPass and NordStellar, password quality is poor across all generations, although names were more popular among older users, and millennials and Gen Z were more likely to use numbers or slang — skibidi being a popular choice — to secure their credentials. 

 

123456               password

admin                 Aa123456

12345678          1234567890

123456789       Pass@123

12345                 admin123

 

Decorative

    

What role will passkeys play in securing payments?

Abdullah: People want online shopping to feel as easy as tapping a card in-store — fast, seamless and secure. That’s where the industry is going. By 2030, the goal is to move away from manually entering card details for most online purchases and toward more automatic, secure ways to pay.

Behind the scenes, technologies like tokenization help protect your actual card details. And passkeys can help confirm it’s really you — without extra codes or interruptions.

Passkeys aren’t everywhere yet. What should people do for now?

Abudllah: We’re in a transition, so the basics still matter. Use strong, unique passwords for every account. Turn on multifactor authentication wherever it’s available. And when passkeys show up, try them. They’re designed to make life easier, not harder.


What’s the most common password mistake people still make?

Abdullah: Reusing passwords. It’s understandable — no one wants to manage dozens of log-ins. But it creates a chain reaction risk. If one account gets exposed, others can follow.

 

What’s your message this World Password Day?

Abdullah:  Maybe it’s time to stop chasing “better” passwords and sign up for passkeys.

Strong habits still matter today. But the bigger shift is happening behind the scenes: moving toward ways to sign in and pay that don’t depend so heavily on memory, typing, or repetition. That’s the direction we’re headed — simpler, faster and more natural for people.

Trust is the superpower making innovation possible

Intelligence-led cybersecurity and collaboration help organizations move faster, reduce risk and expand safe digital participation.

Learn more