Routine password hygiene is the cheapest security upgrade you can give yourself. If you're rotating to a new password, finally moving a reused one into a password manager, or you just want a longer string than the one you picked when you signed up, the change takes about ten seconds from inside the app.
Unlike the email change, this one is a single-step flow. There's no confirmation link, no waiting on an inbox. Submit the form, get an "your password was changed" email for your records, and carry on.
Where to find it
The form lives on the Security tab of your Settings page, in the Change Password card on the left.
From the left nav, click Settings.
Click the Security tab along the top of the Settings page.
The Change Password card is on the left. Underneath the title it reads: "Update the password used to sign in."
The card to the right (Change Email) is for changing your sign-in address, which is a separate flow and worth its own article.
How to change it
Three fields and a button. In order:
Current password. The one you sign in with today. We ask for this so a stranger who walks up to an unlocked laptop can't quietly change the password and lock you out.
New password. What you want it to be from now on.
Confirm new password. Type the new one a second time so a typo can't lock you out of your own account.
Click Update Password.
The change is applied immediately — no confirmation email to click, no waiting around. You'll see a confirmation in the app, and you'll get a separate email a moment later telling you that your password was changed. That email isn't asking you to do anything; it's the audit trail.
If you ever see one of those notification emails and it wasn't you, that's your cue to reset your password and check your other accounts.
Picking a password worth keeping
There's a Security Tips card lower down on the same page with the short version of best practice. The longer version is the same advice you've heard from every security person you've ever met, and it remains good advice:
At least 8 characters, mixing letters, numbers, and symbols. Eight is the floor, not the goal. Longer is genuinely better — every extra character makes a brute-force attempt exponentially slower.
Don't reuse passwords from other services. The single biggest risk to most accounts isn't a clever attacker — it's a breach at some other site exposing a password that also happens to unlock yours. A unique password per service is the cure.
Use a password manager. 1Password, Bitwarden, Apple Keychain, the one built into your browser — pick one and let it do the remembering. You don't need to memorize a strong password if you only ever copy-paste it.
What happens to your other sessions
When you change your password, every device or browser where you were already signed in to Gold Silver Ledger gets signed out. The session on the tab you used to change the password stays active; everywhere else gets booted.
This is the right behavior, but it does mean a small bit of housekeeping after a change: phone, tablet, the browser at work, the spare laptop — anywhere you were signed in, you'll need to sign in once more with the new password.
If a sign-out somewhere unexpected catches you off guard, this is why.
The confirmation email
A minute or two after a successful change, you'll receive an email letting you know your password was updated. The email is informational only — there's no action to take and no link to click to "complete" anything. The password change has already happened.
Worth keeping in mind: that email lands at your current account email address. If you've recently changed your email and are unsure whether the change went through, that's where to look first.
Where to go next
Updating your email address: the other card on the Security tab.
[Resetting a forgotten password]: the email-link reset flow for when you can't remember your current password and so the Change Password form won't work.
[I'm not receiving the verification email]: the diagnostic checklist if a notification email isn't arriving.