Quote:February 1 is change your password day; while not official, many tech sites advertise the day to their readers. Users are asked to change passwords on that day to improve security.

While there are certainly times where changing passwords makes sense, e.g. after a breach of an online service, a successful virus attack, accidental sharing, or to increase the strength of a password, generally stating that one should change all passwords on that day never made a lot of sense.

I'd prefer the day to be renamed to "check your passwords day" instead. Users could test their passwords against the Have I Been Pwned database (locally), and change passwords that were leaked to the Internet.

Users could also check the strength of passwords and change passwords that are considered weak by the strength checking algorithms, or start using a password manager if permitted in the environment.

Two-factor authentication and other advanced security options, if available, are also worth considering.

Full reading: https://www.ghacks.net/2019/02/02/change-your-password-day-needs-a-counterpart/