Are my passwords stored?

No. The tool only stores the service name, a category and the last-changed date. It never asks for or stores any password. All data is kept in your browser localStorage and never sent anywhere.

How are the rotation intervals decided?

Each category has a default interval: 90 days for critical accounts like banking and primary email, 180 days for work and single sign-on, and 365 days for ordinary personal accounts. The next due date is the last-changed date plus that interval.

Should I really rotate passwords on a schedule?

Modern guidance, including NIST, recommends rotating only when there is evidence of compromise rather than forcing frequent changes that lead to weaker patterns. Many organisations still mandate periodic rotation, and rotating critical accounts after a breach is always sensible. Use this tool to match whatever policy applies to you.

What happens if I clear my browser data?

Because everything is stored locally, clearing site data or using a different browser or device will empty the list. There is no account and no cloud copy, which is what keeps it private. Re-enter your services if you switch browsers.

Can I track unlimited services?

Yes. Add as many services as you like. They are all stored locally and sorted by how soon each one is due, so the most urgent rotations always appear at the top.

Password Rotation Scheduler

Knowing which passwords are stale is the hard part of good password hygiene. This scheduler turns a pile of last-changed dates into a single prioritised list so you always see what is overdue and what is coming up, without ever handling the passwords themselves.

How it works

For each service you record three things: a name, a category and the date the password was last changed. The category determines a rotation interval, and the next due date is a simple addition:

dueDate = lastChanged + intervalDays(category)

The default intervals are:

Category	Interval
Critical (banking, email, root)	90 days
Work / SSO	180 days
Personal accounts	365 days

Each entry is then classified by how many days remain until its due date: overdue if the date has passed, due soon if within 14 days, otherwise ok. The list is sorted so the most urgent items rise to the top.

Privacy by design

Only the service name, category and date are kept. No password, hint or secret is ever requested or stored. Everything lives in your browser’s localStorage, so the data never leaves your device and there is no account to create.

Tips

Rotate critical accounts (primary email, banking, password manager) promptly after any breach notification, regardless of the schedule.
For everyday accounts, modern guidance favours strong unique passwords plus two-factor authentication over frequent forced changes. Set the interval to whatever your own policy requires.
After changing a password, update the entry so the next due date recalculates from today.
Because storage is local, your list will not follow you to another browser or device. That trade-off is what keeps it completely private.