We do need to make sure that we are using strong passwords, but guidance has changed on the need to continually change those passwords. The National Institute for Standards and Technology (NIST), which codifies best practice cybersecurity controls, has updated their guidelines around digital identity. Instead of forcing individuals to change their passwords frequently and/or require a special characters or passwords which are more gibberish, they recommend creating long passwords out of pass phrases, such as “NIST passphrases make passwords easy!”. Long pass phrases are difficult to crack and yet memorable enough for the user.
Still, remember not to use the same password twice (use of a log in manager can help you here). Also, enable multi-factor authentication for applications which may have sensitive information (where you have to both key in a password and enter a code from your smart phone, as an example).