- Use strong passwords. Defined as 15 or more characters.
- Use a different password for each site or service.
- For your computer, enable full disc encryption (FileVault for macOS, BitLocker for Windows).
- Check monthly to see if any of your web accounts have been compromised. Do this by visiting both https://haveibeenpwned.com and http://hacked-emails.com.
- If an account has been compromised, change to a different strong password.
I do not see the need to change passwords on a regular basis if the above has been followed – unless you are a high-value target, warranting someone to devote non-trivial resources to hacking your accounts. If that is the case, changing passwords every 3 months or so is a common recommendation.