Day 9
Generate New Passwords for All Your Online Accounts
DAY 9: Generate New Passwords for All Your Online Accounts
Yesterday, we set up your password manager.
Today, we’re putting it to work - we’re going through your online accounts and giving every single one a brand-new, super strong password.
Because if you’re still using the same password from your college Netflix login when they were still out here shipping DVDs in the mail, it’s time for a digital glow-up. We’re going full Marie Kondo on your old logins and creating strong, unique passwords for every account you own. Do they spark joy yet?
What’s up S’mores! I’m Shannon Morse, and welcome back to Day 9 of the 30-Day Security Challenge - the series where we make your digital life smarter, safer, and way less stressful. Every day, we’re breaking down one concept of online security and privacy to make the process less stressful, and to keep you from burning out.
If you’re following along, make sure to subscribe so you don’t miss the next video. You can grab the full 30-Day Challenge checklist and notes over at ShannonRMorse.com.
🧠 Why It Matters
Reusing or tweaking the same password across accounts is like having one key for your house, car, and gym locker. If someone copies it once, they’re in everywhere. We use different keys for different places in the real world, so why not do that online too?
In 2025, credential-stuffing attacks are still one of the top ways hackers break into accounts - and AI-powered tools can try millions of combinations a minute. So our goal today is to make your passwords unguessable and unusable to anyone but you.
Step 1: The Golden Rule: Every Password Must Be Unique
Here’s the number one rule of password management: no password duplication.
Every account should have its own password because you never know how a company is storing them behind the scenes. If one site gets hacked and you reused that password elsewhere, congratulations - hackers now have the keys to your entire online life. That’s why unique passwords are everything.
So, we’re going to AUDIT your passwords.
Open your password manager from Day 8 and run its security check or password health report.
It’ll flag:
Weak or short passwords
Reused passwords
Old ones that haven’t been changed in years
Any accounts involved in known breaches
Start with those. They’re your priority for regeneration.
Step 2: Use Your Password Manager to Do the Heavy Lifting
If you’ve been following this challenge, you already set up your password manager.
Now it’s time to let it flex a little. Open your manager and start generating random passwords for each of your accounts. Most password managers can autofill and update them for you automatically. If not, go site by site, click “Change Password” in your account settings, and let your manager create something strong and unique. Yes, it takes a little time - but trust me, this is one of the most important steps in your entire security journey.
Every good manager has a built-in generator. Set yours to create passwords that are at least 16 characters long and include numbers, symbols, and mixed case.
Hit “generate,” replace the old password, and save the new one. Done.
If a website limits length or special characters (cough banks cough), make a note so you can nag them on X (Twitter) later - politely. Because nothing makes a company learn from their mistakes more than a little bit of public shaming.
I’m being a little bit sarcastic here, but it is 2025 - we should not be limiting users to 8 character passwords or not allowing people to use an ampersand in their password. I should be able to make a 42 character passphrase with leetspeak if I want to.
Step 3: How to Create Strong Passwords (If You’re Doing It Manually)
If you don’t have a password manager yet, (hopefully you change your mind, but if you’re still sus about password managers, that’s fine, I can only give you recommendations based on almost two decades living in a cybersecurity world and being friends with hackers, but you don’t have to listen to a woman with colorful hair if you don’t want to) here’s how to do it yourself:
The National Institute of Standards and Technology (NIST) recommends using long passphrases made of random words - at least four or five.
Something like:
CorgiSpaceshipBananaNotebook!
toaster-nebula-47-sparkle-giraffe!
That’s actually harder to crack than short gibberish passwords - and way easier to remember. If you want to level it up, throw in some numbers, symbols, or upper/lowercase randomness. But please - don’t use famous quotes or song lyrics that are searchable. Hackers love those. Those kind of passwords end up in leaks and attackers throw them at login pages to spray and pray in the hopes that they’ll catch you with your pants down and gain access to your account.
If you’re finding this video helpful, a subscribe would me a lot to me. Subscribing is a simple and free way to support creators on youtube!
So if you’re following along with the challenge, hit that subscribe button and turn on notifications so you don’t miss tomorrow’s video. You can grab the full checklist and daily recap at ShannonRMorse.com.
BIG Patreon shoutout to to my smores! You can join them and support my channel by going to patreon.com/shannonmorse for perks like early video access and my private discord!
As usual, all the videos on my channel are free to watch, and I thank my youtube members and patrons for making that possible.
Step 4: Find All Your Accounts
Now, grab your notepad from earlier in the challenge - or open your password manager vault - and start tracking down all your accounts.
Here are some tricks:
Search your email for “Unsubscribe” or “Confirm your email.” Those usually reveal old accounts if you haven’t deleted all your old emails.
And if you find accounts you no longer use, delete them using JustDelete.me.
This part can take some time - so make a coffee, queue up a playlist, and chip away at it a few at a time.
Step 5: Keep It Fresh
Once you’ve updated your passwords, you don’t need to change them every month like it’s 2005. NIST actually recommends not changing passwords on a schedule unless there’s a breach. Instead, focus on making them long, unique, and stored safely in your password manager.
Do a quick rotation whenever:
You see a major breach in the news
You’ve logged in on a public computer
Your pw manager’s health report flags an issue
Step 6: A Pro Tip From Me
Inside my password manager, I have hundreds of logins - but I still memorize a handful of the most important ones.
My email, my bank, and my main social media accounts all have passwords I know by heart, and every one of them uses two-factor authentication, physical hardware keys, and passkeys.
That way, even if my password manager were ever compromised, my core accounts would still be safe.
Many sites now let you log in with passkeys instead of passwords. They use public-key encryption and are stored in your password manager or on a hardware security key like a YubiKey.
If a service offers passkeys, enable them! They can’t be phished, they can be synced (keep in mind - whatever devices or accounts are syncing passkeys MUST BE SECURED AS WELL), and they save you a ton of typing.
I’ll be going over passkeys and hardware keys soon, so if you want to prep for that, grab one from Yubikey if you don’t have one yet, and watch the videos on my channel explaining them.
🌐 2025 Update: AI and Breach Alerts
Modern password managers now integrate with breach databases like Have I Been Pwned to warn you instantly if a password is compromised.
Some even use on-device AI to spot leaked credentials or weak patterns - so turn on those notifications. Just make sure the analysis happens locally, not in the cloud.
💜 Outro / Call to Action
And that’s it for Day 9! You just did one of the hardest but most rewarding parts of this challenge - you cleaned house and locked down your digital identity. I think Marie Kondo would be very proud of you for decluttering and cleaning up your digital life.
Tomorrow, we’ll make those strong passwords even stronger with multi factor authentication.
Make sure you’re subscribed so you don’t miss it, and grab your 30-Day Security Challenge checklist at ShannonMorse.com.
I’m Shannon Morse — stay smart, stay secure, and I’ll see ya tomorrow, S’mores! 💜🔐