Password Rotation Planner

Password rotation planner

Safety rule: this export is based on categories and counts only. Do not add real passwords, recovery codes, security answers, card numbers, or account names unless the file is stored inside a private vault.

Account categories: Email and recovery, Password manager, Banking and payments, Work and admin, Cloud and backups
Risk level: Elevated
Current 2FA state: Mixed
Reused passwords to replace: 12
Deadline: May 27, 2026
Reminder cadence: Every 2 days

Rotation schedule:
1. [Do first] Day 1 (May 13, 2026) - Prepare the safe rotation workspace: Open your password manager, start with broad account categories, and do not paste real passwords, recovery codes, or account names into this page.
2. [Do first] Day 1 (May 13, 2026) - Rotate email and recovery: Change passwords, review recovery addresses, and sign out other sessions. Aim for about 1 reused password per active day.
3. [Do first] Day 4 (May 16, 2026) - Rotate password manager: Secure the vault login, recovery options, and enrolled devices first. Aim for about 1 reused password per active day.
4. [Do first] Day 8 (May 20, 2026) - Rotate banking and payments: Rotate, enable strong 2FA, and review recent transactions and cards. Aim for about 1 reused password per active day.
5. [Next] Day 11 (May 23, 2026) - Rotate work and admin: Rotate credentials, revoke stale sessions, and check recovery paths. Aim for about 1 reused password per active day.
6. [Next] Day 15 (May 27, 2026) - Rotate cloud and backups: Rotate passwords, remove unknown sessions, and review shared access. Aim for about 1 reused password per active day.
7. [Final pass] By May 27, 2026 (May 27, 2026) - Verify the new baseline: Confirm reused-password warnings are resolved, strong 2FA is enabled on priority accounts, and stale sessions or connected apps are removed.

Priority list:
1. [Do first] Add strong 2FA while rotating - Use passkeys, authenticator apps, or hardware keys on the same pass through each priority account.
2. [Do first] Email and recovery - This account group can reset or unlock other accounts.
3. [Do first] Password manager - This account group can reset or unlock other accounts.
4. [Do first] Banking and payments - This account group carries high identity, money, work, or device impact.
5. [Next] Work and admin - This account group carries high identity, money, work, or device impact.
6. [Next] Cloud and backups - This group still matters, but should follow the reset chain and high-impact accounts.

Safety checklist:
1. Use only categories, counts, risk level, 2FA status, deadline, and reminder cadence in this planner.
2. Never paste real passwords, account names, backup codes, recovery keys, card numbers, or security answers here.
3. Generate a unique password for every rotated account and save it directly in a private password manager.
4. Change primary email and password manager credentials before accounts that depend on them for reset links.
5. After each rotation, sign out other sessions and review trusted devices, recovery email, phone numbers, and connected apps.
6. Upgrade 2FA from none or SMS to passkeys, authenticator apps, or hardware keys on important accounts.
7. Set every 2 days reminders until the deadline, then do one final duplicate-password review.

Reminder dates:
1. May 15, 2026
2. May 17, 2026
3. May 19, 2026
4. May 21, 2026
5. May 23, 2026
6. May 25, 2026
7. May 27, 2026

Generated locally by https://passlock.to/tools/password-rotation-planner