Passwords remain central to IT security despite alternatives like passkeys; NIST recommends no forced regular password changes, but immediate replacement upon compromise; secure implementation requires TLS encryption, hashed storage, complexity checks, and brute-force protection.