Passwords remain one of the weakest links in enterprise security. Despite advances in multi-factor authentication (MFA), recent data breaches show that attackers continue to bypass traditional protections. In this episode of The Security Strategist, host Trisha Pillay speaks with Nic Sarginson, senior solutions engineer at Yubico.

Together, they explore the vulnerabilities of passwords and conventional MFA, and why phishing-resistant authentication is no longer optional; it’s a strategic imperative for chief information security officers (CISOs).

"Passwords alone just don’t cut it," says Sarginson. Hackers can launch sophisticated attacks in minutes, and traditional MFA often isn’t enough to stop them. Organisations should turn to device-bound passkeys and physical security keys not just as tools, but as a way to rethink enterprise security, stay ahead of compliance pressures, and embrace a passwordless future.

"Attackers can now launch sophisticated campaigns quickly and cheaply using publicly available data. That’s why breaches today are far more dangerous, and why weak MFA or social engineering is often involved." — Nic Sarginson, Yubico

Why This Matters for CISOs

Cybersecurity leaders face growing pressure to defend against phishing attacks, navigate evolving compliance demands, and deliver secure experiences for users. Sarginson shares practical strategies, expert insights, and real-world examples to help CISOs and IT leaders build a stronger, passwordless future.

Takeaways

  • Passwords are fundamentally broken and pose a major vulnerability.
  • Recent breaches highlight the inadequacy of traditional MFA.
  • Device-bound passkeys offer stronger protection against phishing.
  • Integration of new security methods is a significant challenge for enterprises.
  • Real-world case studies show measurable improvements with security keys.
  • Regulatory frameworks are increasingly mandating strong MFA.
  • Phishing resistance must become the default in security strategies.
  • The technology for passwordless solutions is now prevalent.
  • Security leaders must advocate for proactive security measures.
  • User education is crucial for the adoption of new security technologies.

Chapters

00:00 Introduction to Authentication Challenges

02:15 The Impact of Recent Data Breaches

05:30 The Entrenchment of Passwords and MFA

08:22 Exploring Device-Bound Passkeys

11:20 Integrating Physical Security Keys

14:34 Real-World Case Studies and Metrics

17:24 Regulatory Pressures and Future Trends

20:27 The Path to Passwordless Security

About Nic Sarginson

Nic Sarginson is a senior solutions engineer for UKI and RSA at Yubico. An industry veteran, he has held a range of roles in cybersecurity and enterprise solutions, helping organisations adopt strong authentication methods and enhance their phishing resistance strategies.