Skip to main content
1P_Community
1Password Employee
May 12, 2026

The future of authentication and identity security, and why it matters now

  • May 12, 2026
  • 0 replies
  • 97 views

When you hear the word “authentication”, you think of visiting a website or app, entering your credentials, and maybe completing a multi-factor authentication prompt. But we now live in a world with more apps, more devices, and increasingly powerful AI-assisted tools.  

To add to this complexity, we can delegate many types of tasks to AI agents on our behalf, meaning we have a new type of user to secure: non-humans. 

Authentication is no longer a matter of asking, “Can this person sign in?” but, “Who or what is requesting access, where are they requesting it from, what are they trying to do, and should that action be allowed?” All of these pieces together have made authentication a much larger conversation than it used to be. 

Jacob DePriest, Chief Information Security Officer at 1Password, recently stopped by the Random but Memorable podcast to discuss how authentication is changing with the introduction of AI. In this article, you'll learn why the basics of cybersecurity have never been more important, and Jacob’s advice on how to keep your data safe as industry standards shift to accommodate and secure AI-assisted workflows.

Can't see the video? Watch on YouTube

Start with the basics: strong, unique passwords matter more than ever

Identity security may seem like it’s getting more complicated, but basic password hygiene is still one of the most effective ways to protect your online identity. This means using strong, unique passwords that are stored in a secure, encrypted password manager like 1Password.

Passwords remain a major way that malicious actors gain unauthorized access to accounts. If a criminal can steal, phish, buy, guess, or uncover a valid credential, they might have everything needed to log in to the account and wreak havoc. 

Password management will continue to be important as long as online services are still using passwords and secrets. (Spoiler: They’re not going away anytime soon!) We may be moving toward a passwordless future that heavily utilizes passkeys. But in the meantime, you and your team should continue to use strong passwords and carefully manage who or what can use them, and how they’re protected, rotated, and revoked.

Passwords are just the start, though. Making multi-factor authentication a requirement is a crucial next step.

Turning on multi-factor authentication is key

Adding an extra layer of protection to the authentication process means that even if your credentials are compromised, you can still prevent unauthorized access to your accounts. 

Enter multi-factor authentication. Whether it’s passkeys, biometrics, or time-based codes, enabling multi-factor authentication helps prevent unauthorized access to your online accounts and sensitive data.

"I always start with MFA when we talk about authentication hygiene. [It’s] more important than ever."

When it comes to multi-factor authentication, shares, “I always start with MFA when we talk about authentication hygiene. [It’s] more important than ever right now with agents having so much access, and AI tools proliferating. This is where I always recommend folks spend the time. So, from a personal perspective, I have MFA turned on everywhere I possibly can.”

Some types of multi-factor authentication are more effective than others. Physical security keys (like YubiKey), passkeys, and authenticator apps are among the most secure methods. On the less effective side, SMS and email-based codes are more prone to interception by malicious actors. 

Similarly, security questions are often easy to guess with a bit of research or social engineering. (That is, unless you create truly random answers using 1Password!)

Passkeys are an especially useful and future-proof option for authentication because they’re simple to use and more secure than passwords. Under the hood, they rely on public-key cryptography (learn more in a previous blog post), which means they can't be stolen the same way a password can. Passkeys aren’t available everywhere just yet, but you should use them whenever possible to reduce the risk of being hacked.

All of these best practices work well for people when implemented, but what about AI agents? This is where the access model starts to shift from role-based access to intent-driven authorization.

Verifying intent is key when it comes to AI agents

AI agents can now code, summarize data, query systems, update records, and trigger workflows on your behalf when the right access is provided. As their skills continue to develop, they’ll need even more access, which creates new identity threats for anyone using them. How can teams increase productivity by using AI without putting their sensitive data at risk?

As a rule of thumb, credentials and secrets should never be stored in plaintext, especially when enabling non-human agents. However, it’s become more common for people who are testing out AI tools to put secrets – like API keys – in plaintext on their devices. From the end user’s perspective, this may seem like the easiest way to grant an AI agent or tool authorization to complete intended actions on their behalf. However, it also puts the user’s local and online data at unnecessary risk.

Instead of authorizing a person to access information or take certain actions, there’s a shift that needs to happen with agents towards continuously authorizing intent. Because work is increasingly being delegated to AI agents, we need to move from “Should this person be able to log in?” to “Is this agent authorized to take this action with these credentials at this time?” 

"We're going to be in a future where the security of these agents – authenticating or authorizing an agent – is going to have to be tied to the intent of the agent… It's going to have to be continuous."

Jacob named continuously checking an agent’s intent as key, saying, “I think we're going to be in a future where the security of these agents – authenticating or authorizing an agent – is going to have to be tied to the intent of the agent… It's going to have to be continuous. We can't just hand the keys over and say have fun… because of a variety of things, not the least of which is prompt injection.” 

1Password is already building for this future with capabilities like 1Password Environments to manage developer secrets, and the 1Password Cursor plugin, which enables developers to use 1Password secret management directly in Cursor without ever exposing those secrets in plaintext. Additionally, businesses can use 1Password® Unified Access to warn developers of local plaintext environment variables and prompt them to move those secrets into 1Password Enterprise Password Manager.

Adopting this shift towards continuously authorizing intent requires more than just the developer team to get on board, though. Let’s consider how to bring your whole team in.

Educating your team to set them up for success

So how do you ensure you and your team keep up with technological advances without creating new security risks? 

One of the most effective ways to prevent data leaks or breaches is educating your team on AI and cybersecurity best practices. Increasing AI literacy will help reduce the risk of exposing sensitive data and prevent AI agents from gaining too much access. For example, if an agent should have read-only access to company data, the team setting up the tool must ensure write permissions aren’t enabled.

Developers need to follow best practices, as they are often experimenting with new technologies. This includes learning how the AI tools they’re using interact with local files, environment variables, and company software.

And educating your team should become a regular occurrence at the company. AI advancements are happening so rapidly that we all need to embrace a student mindset to keep adapting.

The future of identity security and authentication

The future of authentication is continuing to evolve alongside AI breakthroughs. It can feel overwhelming to keep up with, but ultimately, online security requires strong passwords, multi-factor authentication, passkeys, developer secret management, and AI governance all working together.

Looking ahead, Jacob recommends understanding how your credentials are used, saying, “We believe in a future at 1Password where the choices we have are clear and that we own that identity ourselves, so we can approve or deny what's going to happen. We can have that consent baked in. And, so, whether that's somebody working on their desktop doing something with Claude Code, Codex, or Cursor, or if it's delegating a task to a set of agents, there's still this concept of being able to be in control of what's happening, and setting the guardrails as the human who's launching those things.”

We’re moving away from a one-time login and towards a more continuous way to confirm whether the person or agent should be allowed to take the action they’re attempting. Organizations that instill best practices in their teams’ workflows, offer AI literacy programs, and continue to adapt as technology evolves can stay prepared for that future as it develops.

Enjoyed this podcast interview? Ask questions and share tips in our episode discussion thread!