- I took this 130-pound power station on an off-grid adventure - here's my buying advice
- Mystery Box Scams Deployed to Steal Credit Card Data
- I tested a robot vacuum with zero-tangling technology - here's my buying advice after a month
- Salesforce wants your AI agents to achieve ‘enterprise general intelligence’
- Embracing a Passwordless Future: Cisco's Journey to Seamless Authentication with Duo Passwordless
5 things to do on World Password Day to keep your accounts safe
World Password Day is a perfect time to think about the passwords you’re using and whether you should update them.
It may seem like there’s a random holiday for everything, but this one actually matters more than most. According to the National Day Calendar, security researcher Mark Burnett proposed the idea of a “password day” in his 2005 book Perfect Passwords, so that people would take a moment to update their login credentials. Inspired by that suggestion, Intel Security launched the first World Password Day in 2013. It takes place on the first Thursday in May — and this year, that’s May 1.
Also: How to set up Bitwarden for personal and work use – and why you should keep them separate
Keep in mind that data breaches and targeted attacks make the headlines almost daily. Dedicating a specific day in the year to password hygiene is precisely the kind of annual reminder people need. Think of it as a spring cleaning for your digital life: a chance to audit, update, and strengthen your online defenses. So, in honor of the day, let’s review some basic tips — from choosing stronger passwords to adopting next-generation passkeys — and how ZDNET’s guides can help.
1. Rethink your complex passwords
Today’s cybersecurity experts now emphasize password length over complexity. A strong password should be at least 15 characters long, ideally using a passphrase of unrelated words with symbols or numbers. Experts at the National Institute of Standards and Technology (NIST) say that recent analyses of breached password databases prove length is more important than complexity.
Also: How to generate random passwords from the Linux command line
See ZDNET’s 7 password rules security experts live by in 2025 for what else to consider when updating your passwords.
2. Get a password manager
Please stop writing your passwords down in a Google Doc or on a sticky note. It’s 2025 — you should really be using a trusted password manager. They’re incredibly easy to learn and set up. They store all your unique credentials behind a single, strong master password — and they can handle password generation and autofilling for you. What’s not to love?
Also: 1Password review: A premium password manager well worth the money
Some of the most popular password managers are 1Password, Dashlane, and Bitwarden. ZDNET rounded up our expert-tested top picks for consumers; for business owners, check out the best password managers for businesses.
3. Enable multi-factor already
A password alone isn’t enough anymore, sadly. You should enable multi-factor authentication (MFA) wherever possible, starting with your email, banking, and social accounts. ZDNET’s Ed Bott explains why MFA is absolutely essential in 2025; the TL;DR: adding a second factor to your password — like an authenticator app or hardware key — slashes the odds of a successful hack.
Also: This new Android feature protects your phone, even if someone has your PIN
4. Use a passcode vs. biometrics
The law around phone unlocking remains unclear, but legal experts say passcodes may offer stronger protection than biometrics. Courts often consider passcodes protected under the Fifth Amendment, while biometrics like fingerprints or facial recognition may not be. If you’re concerned about being compelled to unlock your phone with a biometric and wondering whether a passcode is a better option, experts interviewed by ZDNET’s David Berlind suggest that, for now, a passcode is likely the safer choice.
5. Experiment with passkeys
Passwords aren’t going away just yet, but it’s a good time to familiarize yourself with passkeys and start experimenting with them today.
These cryptographic credentials live on your device instead of a server, offering better security, protection against phishing, and a smoother login experience. As ZDNET’s David Berlind explained, the road to widespread passkey adoption has been long and bumpy — partly because users still default to passwords, but also because they’re nervous about them and getting locked out. They face unfamiliar processes, inconsistent support across apps and devices, and confusion in general about how passkeys work.
Also: What are passkeys? How going passwordless can simplify your life in 2025
Despite all these hurdles, many believe a password-free future will happen — and that it’ll be worth it.
A final, cautionary tale
ZDNET recently reported on a software engineer who fell victim to a malware attack after unknowingly downloading a compromised AI tool, giving hackers full access to his personal computer for months. The attackers stole his unlocked 1Password vault along with other personal data — not because the password manager failed, but because the malware had complete control of his device.
Also: The best security keys: Expert tested
The key takeaway: No single tool can protect you completely. That’s why using multi-factor authentication is essential, and following the other tips in this guide can only help. It’s also a good reminder to be cautious with untrusted software. So, on this World Password Day, take a few minutes to review your passwords — and your software — and strengthen your online defenses.
Stay ahead of security news with Tech Today, delivered to your inbox every morning.
