How to change all Magento admin passwords

It is recommended to use at least 10- character, computer generated passwords. In case of a breach, you can assume that all passwords have been intercepted, so they should be changed as soon as possible. The following CLI script may help:

n98=n98-magerun2
$n98 admin:user:list --format=csv | grep ,active | while read row;
do
     user=$(echo $row | cut -d, -f2)
     pass=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w10 | head -n1)
     echo "$user -> $pass"
     $n98 admin:user:change-password "$user" $pass >/dev/null
done

Use n98-magerun for Magento 1

Don't forget to also change passwords for:

1. Your database (update env.php/local.xml/wp-config.php as well)
2. Your hosting account: both your server and your control panel. Also make sure that no malicious SSH keys have been added.