68% of Japanese Firms Still Guard Systems With Just a Password — in the Age of AI Phishing
- A survey finds 68% of Japanese companies rely solely on ID-password authentication
- Generative AI has made phishing more sophisticated and industrial-scale
- MFA, passkeys and zero-trust are the overdue fixes
Once AI started writing phishing emails more convincingly than humans, a company guarded only by passwords is leaving the key in the door. A survey cited by Toyo Keizai finds 68% of Japanese firms still manage system access with ID and password alone. Phishing was already the most effective way to steal credentials; generative AI made it cheaper and vastly better — flawless Japanese, a boss's tone, fake login pages spun up on demand — collapsing attack costs while human detection fails. The fixes are standard issue, not exotic: multi-factor authentication, passkeys, zero-trust architecture. The problem is adoption, and Japan's perimeter-heavy security tradition has left the authentication layer behind — 68% is the invoice. Two reminders: supply-chain partners of Japanese firms are attackers' favorite stepping stones, so your security posture is their risk assessment; personally, if you still reuse passwords, passkeys and a password manager are this year's homework.