If you have a computer account for work, you probably have to change your password every 30 to 60 days. Some places have more stringent rules, others a little less, but this is typical.
So, do you, as an average Internet user, need to follow those same (annoying) guidelines?
Well, from a realistic perspective, the answer isn’t quite as simple as a yes or no.
First, have any of your accounts been hacked? You may see suspicious activity, or maybe you got an email from a company. I got one recently from a game company that said that some of their accounts had been compromised, so they changed the passwords for everyone to be safe. I’ve also gotten similar emails from Amazon, LinkedIn, and other companies over the years.
If you got an email like this, or one of the scam emails saying you’ve been hacked, change your password! Today.
The theory behind changing your account’s password is that if you change it before an attacker can go through every option, then odds are they won’t hack your account.
For a “normal” everyday Internet user, the odds that you’re targeted are low, and therefore you don’t have to follow that kind of schedule. You can opt to change yours every quarter, semi-annually, or even annually if you want.
I personally look at what the odds are that this is hacked, and what the worst thing is that can happen to me if it is.
Bank accounts and any financials get changed more frequently for that reason. Online stores, especially if they are a small store and probably don’t have a big security team behind them, or they store credit card info, get changed the next most frequently.
After that, it starts going down because the threat of what happens isn’t nearly worth going in and updating the hundreds of accounts I have scattered throughout the Internet.
Regardless, always check your password strength, remembering that a long password is better than a short one. And use a password manager if you need to.