World Password Day 2025: All the news, updates and advice from our experts as it happened

That just about does it for our 48 hour coverage of World Password Day 2025 - and what fantastic news, updates, and expert insights we had into the world of passwords and password security!

Most of us use passwords almost every day to access and protect online accounts, files, and documents. But passwords are only as secure as you make them, and remembering multiple complex passwords can be such a hassle.

Don't worry though, we rounded up

• advice from our experts to help keep your accounts and passwords secure
• exclusive deals from our password manager partners to keep your data safe
• insights into how passwords are evolving and the future of passwords
• password security content from our extensive archive
• And much more!

What is World Password Day anyway

World Password Day is an annual day to recognize the importance of password security and share insights and techniques to improve credential security. Passwords are often the single line of defense between a hacker and your personal info, so having a short and poorly crafted password can result in social engineering, data theft, banking and credit fraud, and even identity theft.

Carla Roncato, VP Identity at WatchGuard, summarizes why password security awareness is so important. "As we mark another World Password Day, the conversation often turns to strengthening password habits and promoting password managers. While those are necessary steps, there’s a deeper, more pressing issue that needs the spotlight: the thriving underground economy trading in stolen credentials on the dark web."

So, to mark World Password Day 2025 which will begin on the 1st May, we will be sharing recommendations and insights from security experts, alongside password manager deals, advice, and best practices to help keep you and your online accounts safe!

How big is World Password Day?

As we hit 3pm here in the UK, Australia has officially ticked over into May 1st 2025, marking the official start of World Password Day 2025 (for those down under at least).

Data from Google Trends shows that World Password Day sees a yearly spike beginning in April and peaking in at the beginning of May, with 2022 being particularly big year for World Password Day.

Many governments and organizations use World Password Day as a yearly reminder to check the best practices for password security. It's also a great opportunity for phishing and social engineering training.

When was the first World Password Day?

When thinking historically, passwords bring to mid verbal phrases used to signify an allegiance to a particular person or group, or to gain access to a restricted room. Nowadays, we use passwords to keep our accounts and files secure.

The history of World Password Day doesn't go as far back as secret pass phrases, and the day was in fact founded by Intel in2013 as a way to remind people to better their password security and general account security habits. Thanks Intel.

How to keep your passwords safe

There are numerous ways to keep your passwords safe in the digital age. In the nineties and early 2000s it might have been common to have a little book of passwords stored in your family PC cabinet which, while fairly handy, could get lost or stolen.

Nowadays, many people use a password manager app. These apps can help you generate strong passwords when you are creating a new account or changing a password, and will store them in a secure encrypted vault. Most of these apps use some kind of biometric authentication to help keep them extra secure from snoops or hackers trying to break in.

If you aren't looking to splash out on a premium app, there are numerous free password managers around that can give you a basic password storage solution, but may lack extra features such as secure sharing. Luckily, we've rounded up some of the best World Password Day deals to help you grab a bargain and stay secure!

Are passwords already obsolete?

I'd argue that they are. Passwords, like antivirus, hail from a bygone era well before the internet and the raft of threat opportunities that it unleashed. Some even suggest ending World Password Day altogether; BeyondID's CEO Arun Shrestha says that passwords have lost their usefulness, and I agree with him. Passwordless technology, he maintains, is much more secure and offers a much better user experience. There are no more password resets (a bane for IT helpdesks worldwide), but you still need a phone number ora valid email address.

Who has the most responsibility when it comes to protecting passwords?

Spencer Starkey, Executive VP EMEA at SonicWall, says that both businesses and individuals have a responsibility to keep passwords secure:

“First things first, employees need to know how to protect themselves. Social cyber-attacks such as phishing that look to get access to authorised user details are still incredibly common and education is crucial. Across the board, there must be implementation of strong security policies and procedures, good password hygiene, high-level encryption, as well as single sign-on and access control when it comes to cloud applications.

From a high-level business perspective, they must look to constantly monitor their network for suspicious activity, using security tools to detect where logins are occurring, on what devices. The sooner they can flag a potential issue, the risk of an attack dramatically lowers. Having a response plan to a cyber attack is of course paramount, and to their credit, more and more businesses have realised this. It’s important to have a technology partner that they can use, if need be, for remediation. HR teams must work closely with the IT teams, especially the CISO of the organisation to ensure they have full visibility on who to call if the unthinkable happens.

Another great step is ensuring that all those operating within the network are educated on best practices, from multi-factor authentication (MFA) to regularly updating devices connected to the network. Empowering users with strong password policies and robust security measures enhances network security, especially as cloud-based tools become more prevalent in education, making access easier for potential attackers.”

Moving past passwords is improving brand trust

With passwords starting to show their age, and passkeys likely replacing them almost completely within the next decade, there are some interesting statistics behind the adoption of passkeys.

A recent study by Thales has found that almost half (48%) of consumers are more likely to trust a brand that offers the use of passkeys. This is usually due to the frustration many experience when trying to remember or change a password just to use a service or complete a purchase.

Passkeys differ from passwords in that rather being a sequence of characters you have to remember, a passkey is instead a digital identity that is stored on device such as a key fob or mobile phone, and requires a biometric scan (such as a fingerprint or facial recognition) in order to authorize a login.

This makes it much harder for hackers to break into your accounts as they must be in possession of both your digital identity and your physical identity.

The FIDO Alliance has also recently invited companies to participate in the World Passkey Pledge to create a more secure future, and move past the vulnerability and hassle of passwords.

Simon McNally, Cybersecurity Expert at Thales said, "Passwords have long been a weak link in digital security, forcing consumers and businesses into a frustrating cycle of password resets and potential breaches. We welcome the FIDO Alliance’s commitment to World Passkey Day and its push for a passwordless future. Passkeys provide a seamless and secure authentication experience, eliminating the risks and frustrations associated with traditional passwords.

Passkeys are automatically generated and securely stored, removing the burden of creating and managing complex passwords. They also enhance privacy by allowing authentication without sharing sensitive data, reducing the risk of breaches. As trust in digital security becomes more critical, businesses must prioritise passwordless solutions to protect users and build brand confidence."

How safe is a password manager?

All of the best password managers use highly secure encryption algorithms to keep your passwords protected. Most will use the AES-256 algorithm, but NordPass goes a step further by using XChaCha20 - which is even claimed to be quantum resistant.

Furthermore, many password managers have either the option to turn on two-factor authentication or enable it by default. What good would a password manager be if all you protected it with was a weak password? If you don't have two-factor authentication enabled, my expert recommendation is to use it wherever possible.

And just as an extra tip, always verify that the app you are installing is from the official brand, and isn't just a cloned app that will steal all your passwords. Hackers are increasingly pushing malicious apps through emails and web forums, hoping that those without a penchant for cybersecurity will install them.

People still share passwords despite knowing the risks - do you?

Though we may not all admit to it, sharing passwords with colleagues, friends, and family members is a common occurrence. It might be convenient, but it definitely isn't secure. Darren Guccione, CEO and Co-founder at Keeper Security told us:

"In an era where data breaches are more frequent and sophisticated than ever, password sharing remains one of the most underestimated threats to cybersecurity. Whether colleagues are passing around login credentials for convenience or teams using a single shared password for a tool or platform, this practice creates serious blind spots. Recent research reveals that 52% of enterprise IT teams struggle with frequently stolen passwords, while additional research shows that 3 in 4 consumers are at risk of being hacked due to poor password practices. When credentials are shared insecurely, accountability is lost, audit trails disappear, and organisations are left vulnerable to both accidental and malicious misuse.

Beyond technical safeguards, companies must also invest in building a culture of cybersecurity awareness. This means regularly educating employees about password-related risks, such as choosing weak passwords or reusing the same credentials across platforms. Ongoing training sessions explaining the dangers of password sharing, combined with phishing simulations, can reinforce good habits and highlight potential vulnerabilities before they become serious threats.

This World Password Day, let’s move beyond convenience and commit to a safer, more responsible way to manage access."

How to move passwords from one password manager to another

If you use a password manager, there may come a time when you spot a better deal from a different provider, or want to move to a free password manager. But the question is, how do you move all your stored passwords from one to the other?

Outside of spending the time to manually copy and paste each credential between the two apps, there is an alternative.

Many password managers will allow you to export your passwords as a file that can be imported into another app. This file will usually be a .CSV file which means that anyone with access to the file will likely be able to see all your passwords and their matching credentials - so keep this file safe and dispose of it accordingly!

From there, it is just a case of opening your new password manager app and clicking the 'Import' button, and the app will do the rest. Keep in mind that if you also store passkeys in your password manager, many apps won't export your passkeys in the .CSV file.

How often do you change your password?

We polled our readers on their password habits, and our results might surprise you! If you’re one of the staggering 84% of TechRadar Pro readers who only changes their passwords when they’ve forgotten them - then take a look at our World Password Day advice for making your password hygiene easier and healthier! Check out our full findings here.

Passwords aren't just personal

Passwords are often the single defense between your account and a hacker trying to break in, especially if you don't use an additional security mechanism such as multi-factor authentication. This applies to both you own personal accounts, and your business accounts, and often an attacker only needs to breach one account to commence a cyberattack against a company. Matt Cooke, EMEA Cybersecurity strategist at Proofpoint, gave us his advice,

"This World Password Day, we could all spare a moment to consider the importance of password management. With so many accounts and logins to juggle, it's easy a common misstep to use the same password across multiple accounts and devices, with 71% of us doing so. However, passwords are one of the first critical barriers between a person, a threat actor and a successful cyberattack but many people make the mistake of reusing the same login credentials across multiple sites and devices. This makes it easier for threat actors to gain access to sensitive information through advanced credential phishing campaigns.

When it comes to password creation, avoid common words, phrases, names, and dates associated with you or direct family members. It is also wise to turn on multi-factor authentication (MFA) which uses two forms of ‘evidence’ to validate an identity before access is granted or, if not available, use a password manager.

A password manager creates randomised passwords that are safely stored, encrypted, and accessible across all personal devices and reduces the burden of trying to remember complicated login credentials across multiple websites. It’s also best to change all passwords twice a year and change business passwords every three months."

Consumers abandon purchases if they have password difficulty

Passwords aren't just insecure, they're inconvenient. How many times have you been trying to log in to a service you haven't used in a while, or trying to purchase something online, only to be greeted by those fateful words, "Incorrect email or password".

Well, evidence suggests that this is enough to stop a user from continuing to use a service or complete a purchase. In fact, a recent Frontegg study found that 87% of consumers have abandoned a purchase after encountering issues when trying to log in, with 52% stating that they would then use a competitor with an easier login process.

The average value of an abandoned cart was found to be $85, showing how much revenue can be lost just from user experience alone. Additionally, when forced to create an account to complete a purchase, almost 3 in 5 US shoppers would abandon their purchase. 55% of shoppers would also abandon their account and stop using a website if they forgot their password.

How do businesses manage passwords?

Just like the average Joe on the street, businesses also use passwords to access applications and accounts. And much in the same way the average Joe might use a password managers, businesses rely on business password managers specially designed to help them manage, share, generate, and revoke company credentials.

This is especially important when a company has to make redundancies, and disgruntled employees may remember their passwords and try and wreak havoc on systems or sell the credentials to a hacker.

Just like their consumer variants, business password managers will also offer extra security tools such as multi-factor authentication and, in some cases, identity management platforms.

Keeping your accounts secure doesn't have to be hard

David Sancho, Senior Security Researcher at Trend Micro, gave us the below guidance on the best practices for changing and remembering secure passwords.

"Despite advances in security technology, poor password habits continue to leave people and organisations vulnerable. For critical accounts such as banking and email, using strong, unique passwords with at least ten characters, including a mix of upper and lower case letters is a simple but effective way to stay secure.

Wherever possible, enable multi-factor authentication (MFA) to add an extra layer of security by requiring more than just your password to access accounts. For other accounts, a password manager can be a helpful tool to store login credentials in one location, rather than needing to remember them. For accounts where you need to manually enter credentials, such as streaming services on a TV, consider opting for a complex yet memorable password system, as entirely random passwords can be difficult to remember.

One approach is to create passwords that follow a simple, personalised logic. For example, the initials of a favourite phrase or song lyric + birthday (e.g., Chalstdow311282 from “Cry Havoc and Let Slip the Dogs of War”). For IoT devices such as smartwatches or fitness trackers, it’s crucial to change the default credentials right after setting them up as otherwise they can provide attackers with easy access to your device and sensitive information."

The Passkey Pledge for a Passwordless Future

To commemorate World Password Day (or at it will henceforth be known, World Passkey Day), the FIDO Alliance has released a survey on the usage of passkeys which found that 74% of consumers are aware of passkeys, meaning that consumers are aware of the potential value a passkey login experience can bring. To support this, the survey also found that 69% of consumers have enabled passkeys on at least one of their accounts.

Furthermore, for those who have used passkeys, 38% report enabling them whenever possible suggesting that some consumers already see the added user experience and security benefits passkeys bring. In fact, more than half of consumers believe passkeys are both more secure (53%) and more convenient (54%) than passwords. Many businesses and organizations have already signed the Passkey Pledge, including Amazon, Apple, Google, Microsoft, Samsung, and many more!

A pivotal moment

Andrew Shikiar, executive director and CEO of the FIDO Alliance, commented on both the recent survey, and the Passkey Pledge:

"This year’s World Passkey Day comes at a pivotal moment for user authentication around the world - with a rapidly growing number of service providers (including nearly half of the world’s top 100 websites) offering billions of user accounts the option to sign in with passkeys instead of passwords. Well over 100 organizations have taken the Passkey Pledge, indicating their commitment towards a future free from the risk and burdens of passwords.

Consumers are not only increasingly aware of passkeys, they’re using them more frequently: 69% of respondents to our recent survey are enabling them on at least one account, and 38% are now enabling them whenever possible.

Passkeys are so intuitive to use that once users integrate passkeys, they rarely go back. This is good for consumers who are frustrated by password reliant sign-in processes — 35% of whom said they experienced account compromises as a result of password vulnerabilities last year — and e-commerce retailers alike.

This shift isn't just about innovation or bottom lines; it's about rebuilding digital trust and creating a safer, more efficient internet for everyone."

How to make your passwords more secure

Until passwords are fully replaced by passkeys, there are still things you can do to keep your accounts secure.

For one, making your passwords as hard to crack or guess as possible is a good place to start, and there is plenty of guidance on how to do it. For one, you can use the three random words guidance as recommended by the UK's National Cyber Security Centre to create a password that is strong enough for most purposes. If you want to make it a little stronger, throw in some capitalization, special characters and numbers.

You can also used a password generator, which can usually be customized to cater to any special requirements that a service may place on a password, such as length, numbers, or special characters.

Experts recommend that passwords are no fewer than 12 characters, use a combination of characters, symbols, and numbers, and don't include names or common words (such as 'password'). Additionally, each password should be unique to avoid a hacker from obtaining one password and with it getting access to all of your accounts.

Most password managers have a built in password generator and if you pay for a premium service, many of them will throw in a dark web scanning tool to see if any of your accounts have been exposed in a data breach!

Account security doesn't have to be hard

"Passwords remain a challenge for many users, but the industry is doing its best to make it simpler and more convenient for people to log into their accounts whilst staying secure. Two factor authentication has been on offer for many years but without it being enforced by default, people have avoided the presumed inconvenience and stuck to their favourite few words or phrases for all their accounts," says Jake Moore, Global Cybersecurity Advisor at ESET.

"But due to it being worryingly easy to hack accounts like Facebook by exploiting simple or reused passwords, logging in with Passkeys continues to be rolled out, which offers stronger protection accounts. Using Passkeys across multiple devices makes it easy for people to sign into their accounts and removes the challenge of having to remember multiple passwords or using the same, weak two or three passwords for all accounts. Combined with the device’s biometric authentication, it can also make it extremely quick to enter an account. Making accounts simple to use yet robust is often difficult in cybersecurity, however, this easy to use, strong method of account protection will hopefully tempt users into trying it whilst protecting their accounts."

Free vs Paid password managers: what's the difference?

To discuss this properly, it's probably best to start with the similarities. Both types of password manager will have the same level of encryption and security protocols, such as multi-factor authentication. However, where paid and free password managers differ is often found in how much storage you have, how many devices you can use to access the password manager, and the number of additional features and nice to haves (such as vault sharing).

Most of the best password managers offer dark web monitoring alongside their app, allowing you to scan the dark web for any mention of you usernames, emails, and passwords to see if they have been leaked - and quickly change them of course. You may also find that paid services offer a better customer support, such as a live chat and remote support, and a VPN for no extra cost.

Whether a paid or free password manager is better comes down to the individual user, so I recommend taking a look through my guides to the best password manager, and the best free password managers, and considering which features are best for you.

Which password manager do you use?

For World Password Day, we asked our TechRadar Pro readers to vote on their favourite password management apps in our WhatsApp channel, and Google Password manager came out a winner! Quite a few of our readers choose to go without a password manager at all, and there are some popular alternatives too, take a look at our full findings to hear more.