There was a time
not too long ago, really,
when a key opened a door,
and that was the end of it.
No biometrics.
No two-factor authentication.
No email link that expires in five minutes.
You just turned the key, walked in, and got on with your life.
Now?
Now, on many days, I spend the first 30 minutes just proving I’m me.
To my email.
To my bank.
To apps I don’t even remember installing.
And this morning, this cursed, ordinary morning,
I forgot a password. Just one.
But that was enough to unravel my entire day.
It was for a work system.
I typed what I thought it was.
Denied.
Tried the one with an exclamation mark.
Denied.
Tried the one where I swapped the “E” for a “3”.
Still wrong.
Fine, I thought. I’m a grown man. I have systems.
I clicked “Forgot Password.”
It sent the reset link to my work email.
Which I couldn’t access… because I was locked out of that, too.
So I turned to my password manager.
It asked for a 2FA code.
Which was on my authenticator app.
Which I lost when I factory reset my phone last week trying to fix Bluetooth.
Everything is connected.
And when one thread snaps, the whole digital web collapses.
I couldn’t get into Slack.
Couldn’t open the VPN.
Even my notes app locked me out.
All because I forgot a single word.
A word I created.
But that wasn’t mine anymore.
And here’s the thing:
I remember my childhood home phone number.
I remember my locker combination from high school.
I remember the smell of my grandfather’s aftershave.
But this password…
This cryptic mess of uppercase, lowercase, numbers, symbols, hope, and despair,
gone.
How did we get here?
We simply live in a security illusion.
We live in a time where security tools have become so complex, they border on absurd.
But cybercriminals have adapted just as fast.
And in many cases, they’re using the same AI and tools meant to protect us, against us.
We’re not even aware that there are billions, yes, billions of stolen credentials for sale on the dark web.
A 2023 Adarma report found that nearly every company surveyed felt confident in their cybersecurity.
And yet, two out of three had already suffered a cyberattack.
Same story in Bain & Company’s research:
Executives feel safe. Few actually are.
Even the experts at Carnegie Mellon warn: vulnerabilities are everywhere.
A misconfigured device.
A typo in the code.
A third-party vendor with sloppy protocols.
The weakest link doesn’t have to be you, but you’ll feel the pain all the same.
AI to the Rescue… Maybe?
A lot of companies are betting on AI to fix this mess.
And sure, it’s promising—AI can detect patterns, flag threats, and automate responses.
But most companies don’t even check whether their AI is secure.
According to the World Economic Forum, only about one in three actually vet their AI tools for vulnerabilities.
We’re installing high-tech locks and never checking if the door even closes.
And AI, like any tool, cuts both ways.
The United Nations has warned that AI can be hijacked, manipulated, and turned against the very people it’s supposed to protect.
We have too many passwords, too little time.
The average person now manages over 100 to 168 passwords for personal use,
and up to 255 when work accounts are included.
That’s hundreds of opportunities to forget, mistype, or get compromised.
Even two-factor authentication isn’t foolproof.
It can be bypassed through phishing, SIM-swapping, or just good old-fashioned trickery.
So what are we doing, really?
Are we securing ourselves or just creating the illusion of control?
The real problem is overcomplication.
We used to think technology would set us free.
Now it feels like we’ve built a prison
and handed the keys to a CAPTCHA.
The real risk isn’t forgetting a password,
it’s forgetting that none of this is simple anymore.
We’ve created a system so convoluted that even the protectors trip over it.
We trade convenience for security, then security for convenience,
until we’re trapped in an endless loop of login screens and lockouts.
So, What Now?
I don’t have all the answers.
But I know this:
something has to give.
Maybe it’s time we stop pretending we can remember 168 passwords.
Maybe we consolidate accounts.
Maybe we move toward passkeys or passwordless logins.
Maybe we just delete the accounts we don’t actually need anymore.
Because until we simplify, we’re not really living in a digital world,
we’re surviving.
References & Further Reading
- Adarma Security: “A False Sense of Cybersecurity: How Feeling Safe Can Sabotage Your Business,” 2023
(Research on overconfidence and real-world breach rates in organizations) - Bain & Company: “Most Companies Overestimate Their Cybersecurity, but Resilience is Possible,” 2020
(Analysis of cybersecurity best practices and executive overconfidence) - World Economic Forum: “Global Cybersecurity Outlook 2025,” 2025
(Annual report on global cyber threats, AI adoption, and organizational risk awareness) - Carnegie Mellon University SEI: “Security Vulnerabilities,” 2024
(Overview of technical vulnerabilities, disclosure, and risk management from a leading research institute) - UNIDIR: “AI and International Security: Understanding the Risks,” 2023
(UN-backed research on risks and challenges of AI for global security) - UK Government / GOV.UK: “Cyber Essentials Impact Evaluation,” 2024
(Official evaluation of the Cyber Essentials scheme and its impact on organizational cyber resilience)
