Notifications
Clear all
Topic starter
12/06/2026 10:06 pm
TL;DR: Credential management, phishing-resistant authentication, and end-to-end credential lifecycle control are framed as the core ICAM response to password failure, according to Axiad, with the SC Awards judging process spanning 33 specialty categories and 10 billion compromised records cited as context. The practical issue is not the award but whether identity teams can govern credentials across humans and machines at scale.
NHIMG editorial — based on content published by Axiad: Axiad Conductor named a finalist in the SC Awards
By the numbers:
- The SC Awards evaluated entries across 33 specialty categories.
- Knowledge factors have failed spectacularly, with 10 billion records compromised in RockYou2024.
Questions worth separating out
Q: How should security teams roll out phishing-resistant authentication without breaking operations?
A: Start with the highest-risk user groups and the clearest recovery paths, then expand only after enrollment, device loss, reset, and help desk flows are proven.
Q: Why do passwords create persistent identity risk even in mature IAM programmes?
A: Passwords remain exposed to reuse, phishing, guessing, and large-scale leak reuse.
Q: What do organisations get wrong about passkey and certificate adoption?
A: They often focus on enrollment success and ignore governance depth.
Practitioner guidance
- Inventory every credential class in use Map passwords, passkeys, certificates, temporary passwords, and device-bound authenticators to the systems and teams that own them.
- Design for renewal and revocation before broad deployment Build the update, reset, and revocation workflow first, then scale issuance.
- Test interoperability across your identity stack Validate how credentials behave across the IdP, PAM, IGA, and endpoint layers, including service desk recovery and device enrollment.
What's in the full article
Axiad's full blog post covers the operational detail this post intentionally leaves for the source:
- Product-specific explanation of how Axiad Conductor orchestrates credential issuance and revocation across heterogeneous environments
- Details on MyCircle and Airlock features for recovery and password reduction that implementation teams may want to evaluate directly
- Integration context for Microsoft Entra ID, Okta, Ping Identity, Yubico, IDEMIA, Thales, and Venafi
- The roadmap discussion around FIDO on Behalf and how Axiad says it will support mass passkey deployment
👉 Read Axiad’s analysis of ICAM credential management and phishing-resistant authentication →
ICAM credential control and phishing-resistant authentication?
Explore further
13/06/2026 12:38 am
Credential management has become the real control plane of modern identity security. The article correctly shifts the centre of gravity away from passwords and toward lifecycle-governed possession factors. That matters because issuing a stronger credential is not enough if renewal, recovery, and revocation remain inconsistent across platforms. Practitioners should read this as a governance problem disguised as an authentication upgrade.
A few things that frame the scale:
- strong>From our research: 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation, according to Ultimate Guide to NHIs.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
A question worth separating out:
Q: How do IAM, IGA, and PAM teams coordinate around credential lifecycle?
A: IAM should own issuance and authentication policy, IGA should govern eligibility and review, and PAM should control elevated access and recovery paths. The key is shared lifecycle visibility, because strong credentials lose value when each team manages a different part of the flow in isolation.
👉 Read our full editorial: Axiad Conductor puts ICAM credential control in focus
