A: There are conflicting opinions regarding this within the IT security field. Here is my recommendation:

  • Use strong passwords, defined as 15 or more characters.
  • Use a different password for each site or service.
  • For your computer, enable full disk encryption (FileVault for macOS, BitLocker for Windows).
  • Check monthly to see if any of your web accounts have been compromised. Do this by visiting both https://haveibeenpwned.com and http://hacked-emails.com.
  • If an account has been compromised, change to a different strong password.

I do not see the need to change passwords on a regular basis if the above has been followed – unless you are a high-value target, warranting someone to devote non-trivial resources to hacking your accounts. If that is the case, changing passwords every 3 months or so is a common recommendation.