
🔐 Change Your Password Day: A Good Reminder, With a Few Caveats

  • January 29, 2026
TylerM
Administrator
  • Sr. Security Analyst & Community Manager

Change Your Password Day is February 1, which makes it a good moment to pause and do a quick gut check on account security.

That said, simply changing passwords on a schedule is not the silver bullet it once was.

Where we are in 2026:

• Stop reusing passwords across work and personal accounts
• Use a password manager if possible to generate long, unique passwords
• Turn on MFA everywhere it’s available
• Pay special attention to email, VPN, cloud, and identity accounts

💡 My personal recommendation: use passphrases

If you’re creating a password yourself, long passphrases are far more effective and easier to remember than short “complex” passwords.

For example:

snow white and the seven dwarves

Why this works:

  • Length matters more than special characters

  • It’s easier for humans to remember

  • Spaces count as characters if the system allows them

  • Long phrases dramatically increase resistance to brute-force attacks

(Use this as a pattern, not the exact phrase. Avoid anything famous or searchable.)

Looking ahead: passkeys and passwordless authentication

Even strong passphrases are still shared secrets, which means they can be phished, leaked, or reused.

That’s why the industry is steadily moving toward passkeys, a passwordless authentication method based on cryptographic keys tied to your device and unlocked with biometrics or a PIN. Passkeys significantly reduce phishing risk and eliminate many of the problems inherent to traditional passwords.

If you want a deeper look at how passkeys work and why they’re becoming the future of authentication, we break it down here

For MSPs and IT teams

From a security and usability standpoint, forced password rotation without MFA or identity monitoring often increases risk instead of reducing it.

Things to focus on instead:

  • Enforce MFA by default, especially for email and remote access

  • Monitor for breached or reused credentials

  • Reduce reliance on shared or static admin credentials

  • Educate users on passphrases instead of arbitrary complexity rules

If passwords are still part of your security model, they should be backed by strong identity controls today and treated as a stepping stone toward passwordless authentication, not the end state.

Change Your Password Day is a good excuse to clean up the basics and start modernizing where it makes sense.
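
As an added illustration of the passphrase points in the post above (not part of the original post), this Python sketch compares the brute-force search space of short "complex" passwords with a randomly generated passphrase. The sample word list is constructed, the 7,776-word figure is the size of the EFF long Diceware list, and the guess rate is an assumed number chosen only for comparison.

```python
import math
import secrets

# Constructed sample list, for demonstration only; a real generator needs a
# large list (the EFF long Diceware list has 7,776 words).
SAMPLE_WORDS = ["anchor", "biscuit", "cobalt", "drizzle", "ember", "fjord",
                "gravel", "harbor", "icicle", "juniper", "kettle", "lantern",
                "meadow", "nickel", "orchard", "pebble"]

def charset_bits(length, alphabet_size):
    """Entropy in bits of `length` symbols drawn uniformly at random."""
    return length * math.log2(alphabet_size)

def passphrase_bits(word_count, wordlist_size):
    """Entropy in bits of `word_count` words drawn uniformly from a list."""
    return word_count * math.log2(wordlist_size)

def generate_passphrase(word_count, words=SAMPLE_WORDS, sep=" "):
    """Pick words with a CSPRNG. The entropy figures only hold for random
    picks; a famous or human-chosen phrase is far easier to guess."""
    return sep.join(secrets.choice(words) for _ in range(word_count))

def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

def compare(rate=1e10):  # assumed offline guess rate, for illustration
    rows = {
        "8 random printable ASCII chars": charset_bits(8, 95),
        "12 random lowercase letters": charset_bits(12, 26),
        "6 random words from a 7,776-word list": passphrase_bits(6, 7776),
    }
    return {name: (round(bits, 1), years_to_exhaust(bits, rate))
            for name, bits in rows.items()}

if __name__ == "__main__":
    for name, (bits, years) in compare().items():
        print(f"{name:40s} {bits:6.1f} bits  ~{years:.3g} years")
    print("sample:", generate_passphrase(6))
```

The 12-letter lowercase row already beats the 8-character "complex" row, which is the length-over-special-characters point in numbers.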

4 replies

TripleHelix
Moderator
  • January 30, 2026

Thanks @TylerM 😉


Jasper_The_Rasper
Moderator

Thank you @TylerM


ProTruckDriver
Moderator

Thanks Tyler, I’ve already changed a few of them, more to do. 😉


Ssherjj
Moderator
  • January 31, 2026

Thank you @TylerM