With India’s digital economy rapidly expanding across fintech, e-governance, cloud services, and consumer platforms, legacy password-based authentication is increasingly being seen as one of the weakest links in enterprise cybersecurity.
Against this backdrop, ETCISO, in collaboration with Zoho Vault, on May 21, 2026, hosted a high-level virtual webinar titled From Passwords to Passkeys: Securing India’s Digital Economy, focused on the next generation of identity and access security.
The session was presented under the banner of ETLegalWorld and ETCISO, in association with Zoho Sign and Zoho Vault, as part of Legal Security Counsel, a curated webinar series examining the future of secure, compliant, and resilient digital operations in India.
As India’s digital footprint continues to scale, speakers underlined that traditional password-based authentication has become increasingly vulnerable to phishing, credential theft, identity fraud, and account takeovers. The transition from passwords to passkeys, panellists said, represents a structural shift in how organisations secure digital identities, protect sensitive data and build trust across digital platforms. The discussion brought together CISOs, technology leaders, and cybersecurity practitioners to examine how passkeys—cryptographic, phishing-resistant credentials based on public-key cryptography and stored locally on user devices—can significantly reduce cyber risk while improving user experience and authentication success rates, while also supporting regulatory and compliance objectives.
The speaker panel included Gokulavan Jayaraman, Infosec Leader at Mahindra Group; Dr. A. Shiju Rawther, Chief Information Technology Officer at CARE Ratings Limited; Dr. Subhash Singh, CISO & Head – Enterprise Architecture at Deepak Fertilisers and Petrochemicals Corporation Ltd; Badmaprasath Baskaran, Assistant Vice President – Core Banking Platforms at Mashreq Bank (MGN – India COE); Malini Rao, Global Head of Cybersecurity Product Operations at Haleon; and Chandramouli Dorai, Chief Evangelist – Cyber Solutions & Digital Signatures at Zoho Corporation.
The conversation was anchored around practical, question-driven focus areas including how often users change passwords and whether existing practices are genuinely secure; the cognitive and operational challenges of remembering and recovering passwords; the fundamental differences between passkeys and traditional authentication models; and the limitations of passwords in the face of modern threats such as phishing, credential reuse and AI-powered identity fraud.
Panellists also examined the security, compliance, and user-experience advantages of passkeys, why they typically deliver lower risk exposure and higher sign-in success rates, how account recovery in passkey-based systems is more secure and user-friendly, and why tools such as password managers and multi-factor authentication, despite wider adoption, still fall short of addressing core identity risks.
Other key discussion points included implementation and operational challenges in deploying passwordless authentication at scale, concerns around synced passkey exportability and shared-device environments, best practices and identity-linking standards to improve confidence during deployment, and whether slower adoption of passkeys is driven more by lack of awareness than by technical or regulatory barriers.
The session also explored how organisations should measure the return on investment from passkeys beyond cost savings to include reduced cyber risk, improved user experience, and long-term digital trust, as well as how enterprises should prepare for emerging threats such as AI-driven identity fraud and deepfakes.
Aimed at CISOs, CIOs, technology leaders, risk and compliance professionals, and data protection officers, the webinar underscored that with rapid digital adoption across sectors—from financial services to government platforms—India’s cybersecurity strategy is increasingly aligning around principles of trust, resilience and proactive risk mitigation, positioning passwordless authentication as a key pillar of the country’s digital future.
