Its why I dont use two format verification, bad enough to have your password hacked but to lose your phone as well? I just do not consider companies are that secure so frequently changing password is my way.
I just checked my Bitwarden account - I have nearly 80 passwords saved there! Changing all of those frequently would be an absolute nightmare.
After having my passwords hacked a few years ago, I now use the following ‘system’.
(a) Separate email addresses for online purchases and personal matters
(b) Different passwords for each establishment (some 150+) that I deal with.
I have an algorithm that I use to create a unique, easily remembered passwords which is based upon:
2 special characters;
a 4 digit number unconnected to any of my personal information;
3 letters based upon the organisations’ name;
a two digit number unconnected to any of my personal information.