After hearing about all the major websites getting hacked every few months, I decided to be proactive about improving online security.
Over time I began switching to a password manager, and I discovered that it had a feature to review the security of all your passwords for weak, blank, and reused ones. I tried running this and was daunted by how many issues it found and never got around to fixing it.
Then I came up with a solution: just change one password per day. It usually takes less than 5 minutes. The only annoying part is when your login info doesn't even work and then you need to go through a reset process of some sort (and maybe where the account got migrated to some other website where you have to sign up fresh).
Why do this at all, especially for sites you may no longer actively use? So many sites keep our personal info in their databases, even if we aren't actively using them. And to minimize the chance of that info being hacked, it's good to have as strong security as possible.
So along with changing reused or weak/blank passwords, I also took the time for each site to turn on 2FA if it was available for that site. You could argue that I could just turn on 2FA and leave the password alone, but I figured two levels of protection are better than one.
All in all, it took me about 3 months to get through the sites/passwords I cared about to make them all strong, turn on 2FA, etc. (and there were many days I skipped it if I was busy).
Here are the detailed steps in case you want to take on a similar such "daily password change" habit for yourself: