scroll to top
Logo Willing White

Securing access: a brief history of a major challenge

  • Publié le 5 May 2025
  • 4 min

On the occasion of World Password Day, Willing offers a look back at the evolution of authentication—from the 1960s to the present day.

A journey that says a lot about our relationship with security, and the challenges that still lie ahead.

The evolution of the password: a constantly renewed challenge

1960–1980: When systems were open —and so was access

Originally, computing was an area of trust. In universities and laboratories, systems were shared, sometimes without passwords or using generic identifiers.

The priority? Easy access. Not yet security.

But very quickly the limits became apparent: no control over access, no way to manage authorizations or traceability. Abuses multiplied.
This situation marked the introduction of the first personal authentication mechanisms. The username/password pair made its debut.

1980–2000: The democratisation of passwords

Information technology becomes more and more industrialised. Businesses and public authorities equipped themselves with connected systems. Users created their own passwords—often short, obvious… and not very secure.

Risks escalated: shared passwords, predictable choices, dictionary attacks.
With no formal rules, security relied on users’ goodwill—and memory.


The first complexity policies appeared, laying the foundations for essential digital security practices.

2000s: Complexity — taken too far

Longer, more complex passwords, changed more often. The prevailing view of the 2000s: strengthen passwords to counter increasingly sophisticated threats.

The result? Strict rules, but not always productive:

  • Easy-to-guess variations of a previous and leaked password
  • Frequent forgetting and highly visible post-its
  • “False security”: compliant but ineffective passwords

At the same time, cybercriminals are adapting as quickly as the rules are changing.
A clear realisation emerged: complexity alone is no longer enough.

2010s: The rise of multi-factor authentication

Phishing became endemic. Massive leaks of identifiers become commonplace. Remote work weakened security perimeters.

Organisations are reacting: multi-factor authentication (MFA) became mainstream.
Authentication no longer relied solely on what we know, but also on what we have (token, smartphone) or what we are (biometrics).

The password is becoming just another building block, but it is no longer the single key to access.

Since 2020: Towards an era without passwords?

Security should no longer be a barrier to users. The limitations of passwords are clear. New alternatives are emerging: biometrics, passkeys, cryptographic authentication, physical keys.

These new methods hold great promises:

  • Fewer human errors
  • Less dependence on memory
  • Better resistance to automated attacks

But challenges remain:

  • What happens if a device is compromised?
  • Can a fingerprint be revoked?
  • The ecosystem is still in transition— but it is making rapid progress.

What about tomorrow? Invisible authentication

Tomorrow, authentication might no longer be a conscious act.

Practices are shifting towards integrated, seamless, and adaptive security:

  • Behavioural signatures
  • Keystroke dynamics
  • Decentralised identity
  • Real-time contextual analysis

Several key trends are emerging:

  • Native security integration into the infrastructure (hardware, cloud)
  • Seamless experience for humans, rigorous control for systems
  • Conditional access and granular controls based on depending on use.

Lessons learned: authentication is no longer just about passwords

This retrospective makes it clear: passwords no longer stand alone.
They are now part of a complete security ecosystem, combining MFA, biometrics, encryption keys, tokens and contextual access controls.
The challenge is no longer just to secure a single-entry point—but to orchestrate a fluid, reliable authentication system that is adapted to different uses.

This evolution is accompanied by a strategic refocusing on business logic. This shift is driven by two major breakthroughs:

  • The widespread adoption of MFA, drastically reducing identity-based attacks (by up to 99.2% according to Microsoft)
  • The simplification of deployment thanks to standards (SAML, OAuth), making solutions faster to implement, more user-friendly and more interoperable.

As a result, Organizations can now ask the right questions, at the right level:

  • When should re-authentication be enforced?
  • What are the conditional rules for different access contexts?
  • How can we balance usability and security—with no compromise?

Finally, complexity is now shifting to another front: machine authentication.
With the rise of APIs, microservices, AI agents and cloud architectures, non-human identities are exploding.
Between 2021 and 2024, their average number doubled—and 83% of organizations experienced at least one breakdown due to poor machine identity management.

Against this backdrop, structuring a machine identity strategy is becoming essential for securing exchanges, controlling technical debt and supporting changes to the information system.

Password, authentication… and beyond

This retrospective invites us to look further ahead.
Perhaps May 6 should no longer be just World Password Day, but World Authentication Day—with a capital A.

An authentication that encompassing:

  • Passwords and their alternatives
  • Business logic and usage contexts
  • Users… and machines

At Willing, authentication is central to transformation

Willing Technologies supports organizations in their technological transformation, particularly in the areas of cybersecurity and identity and access management (IAM).

Our expertise covers:

  • IAM project management (MFA deployment, solution migration)
  • Studies and frameworks (maturity audit, identity strategy, architecture)
  • Training and change management
  • Integration of business logic into IAM environments
  • Awareness-raising actions on authentication security

Better authentication also means better management, stronger protection, and better collaboration.

Do you need support with your IAM projects?

Our teams are here to help.

Get in touch

discover our latest publications
Article

Less digital for more life?
Article

An ambitious CSR policy to foster inclusive leadership
News

Crédit Agricole partners with Willing for its cybersecurity awareness campaign

Regional philanthropy

  • Every year, we sign sponsorship agreements with various organizations and associations. By way of example, in 2023, we were sponsors for over 100 days.
  • Since 2023, we have been a partner of Nos quartiers ont des talents (NQT), an association that promotes the professional integration of local young graduates, through which we mentor young professionals and pass on our knowledge and experience.

Partnerships with schools

  • We invest in our team members’ schools and alumni networks, and regularly take part in their events: company forums, entrance competitions, challenges, case studies, hackathons, etc.

Local charity events

  • We take part in charity events in our regions all year round, often initiated by our team members. Examples include the Toulouse and Paris marathons (2022, 2023 and 2024), awareness-raising and fundraising for Pink October (2023), Clean my Calanques (2024) and the Pink October race (2024).

Reducing our greenhouse gas emissions

  • Since 2022, our annual carbon footprint has been calculated by a qualified service provider (in accordance with the GHG Protocol).
  • We use this GHG assessment to evaluate and correct our scope 1, 2 and 3 reduction trajectory.

Sustainable purchasing and waste management

  • Our purchasing policy prioritizes purchases of reconditioned equipment or products made by environmentally engaged suppliers whenever possible, such as French non-profit organizations set up to help disabled people find work (like ESAT), in line with our continuous improvement approach.
  • We have set up selective sorting and recycling systems in each of our offices for paper/cardboard, metal, plastic and glass waste.

Promoting soft mobility

  • We pay 75% of our team members’ public transport fares.
  • We travel by train for business trips, as part of our Company Agreement, to reduce our carbon footprint.

Building on sustainable IT

  • Our website is eco-designed and developed, in line with our purpose and commitments (WCAG).
  • We give our used IT equipment to our team members’ children, associations or local schools.

Encouraging diversity and equal opportunity

  • We have a fair and inclusive recruitment process that gives everyone an equal chance, whatever their level of experience, origin or religion.
  • Our “Diversity” charters testify to our zero tolerance of all forms of discrimination.
  • We recruit students responsibly every year on work-study contracts and in internships, to help integrate young people into the world of work.
  • We have partnered with the Nos quartiers ont des talents association which accompanies disadvantaged young graduates, helping young professionals along the path to employment and facilitating the transmission of knowledge between generations.
  • We have assigned a representative in the fight against discrimination and promotion of diversity, Jennifer Borderie, whom our team members and candidates can contact in reference to such issues.
  • We have also set up a free helpline in collaboration with Malakoff Humanis to assist team members in difficult situations, for example due to harassment, discrimination, illness, social fragility or disability. (Phone: 3996.)

Promoting and accelerating gender equality

  • Our 2023 Company Agreement includes exceptional leave for female team members in the event of an abortion.
  • We offer parenting support including tripartite interviews on leaving for and returning from maternity and paternity leave.
  • Our professional equality index is the focus of a specific action plan. It stands at 93/100 for 2024 and is constantly improving.

Integrating people with disabilities

  • Marie-Cécile Batigne is our disability representative, in charge of supporting disabled team members and raising awareness among our teams.
  • Our 2023 Company Agreement provides for specific leave for any team member with a child who is diagnosed with a disability or pathology.
  • We have drafted an in-house memo providing information on leave options for caregivers.
  • We assist team members with the RQTH process and protocol to recognize their status as a disabled worker in France.
  • We adapt our workstations to the needs of our disabled team members to provide them with an inclusive working environment and encourage them to remain in employment.

Across-the-board CSR

  • As part of our drive to raise awareness of CSR issues among all our team members, our Willing Management Committee has received training and is regularly updated on these issues. All our offices have joined the Climate Fresk initiative, where during the workshops, we roll out our awareness-raising campaigns.
  • Our corporate project supports initiatives addressing the core issues and fields of action covered by ISO 26000.

A participatory, consultative approach

  • We assign an ambassador to relay our corporate project in each of our offices. It is their role to align the policies of our Executive Committee, Management Committee and Works Council with our teams’ proposals.
  • We use visual management techniques to communicate the progress of our corporate project in each office, and to collect questions, suggestions and contribution requests from our teams.

Business ethics

  • We have an Ethics Charter with a code of conduct that governs all professional relations with our partners based on seven immutable principles: solidarity, integrity, respect for others, honesty, rigor, loyalty and respect for professional secrecy. This encourages our suppliers to also act responsibly and protect the environment.