We often advise clients to change their passwords regularly (say every six months) and to choose one that means something to them but that an attacker who does not know them personally could not easily guess.
Many computer users make the mistake of trusting the same password to protect their different online accounts, not realising that if one site is breached, the leaked password may be the key that lets attackers into their other accounts. Malicious attackers don't have to do this by hand: using credential stuffing techniques, they automatically replay databases of stolen username and password pairs against a site to see which combinations grant them access.
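Credential stuffing leaves a distinctive trace in authentication logs: one source trying many different usernames, most of them failing, with the occasional success where a victim reused a leaked password. As an added example (not code from the article or from Graham Cluley), here is a small Python detector that parses constructed log lines and flags source IPs matching that pattern. The log format, the 5-minute window and the thresholds (5 distinct usernames, at most 50% success) are assumptions made up for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of authentication log lines (made up for this example, not real traffic).
# 198.51.100.7 is a legitimate user who mistypes once; 203.0.113.5 sprays many usernames.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z ip=198.51.100.7 user=alice result=FAIL
2024-05-01T10:00:09Z ip=198.51.100.7 user=alice result=OK
2024-05-01T10:00:02Z ip=203.0.113.5 user=bob result=FAIL
2024-05-01T10:00:02Z ip=203.0.113.5 user=carol result=FAIL
2024-05-01T10:00:03Z ip=203.0.113.5 user=dave result=FAIL
2024-05-01T10:00:03Z ip=203.0.113.5 user=erin result=OK
2024-05-01T10:00:04Z ip=203.0.113.5 user=frank result=FAIL
2024-05-01T10:00:04Z ip=203.0.113.5 user=grace result=FAIL
2024-05-01T10:00:05Z ip=203.0.113.5 user=heidi result=FAIL
2024-05-01T10:00:05Z ip=203.0.113.5 user=ivan result=FAIL
"""

# Assumed log format: "<ISO timestamp> ip=<addr> user=<name> result=OK|FAIL"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse(log_text):
    """Turn raw log lines into (timestamp, ip, user, success) tuples; skip unparseable lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["ip"], m["user"], m["result"] == "OK"))
    return events


def detect_credential_stuffing(events, window=timedelta(minutes=5),
                               min_users=5, max_success_ratio=0.5):
    """Per source IP, slide a time window over its attempts and flag it when the window
    contains many distinct usernames and mostly failures. Returns {ip: stats}; the stats
    list the accounts that logged in successfully during the spray, since those are the
    users whose reused passwords the attacker now holds."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))

    flagged = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # Shrink the window from the left until it spans at most `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            win = attempts[start:end + 1]
            users = {u for _, u, _ in win}
            successes = sum(1 for _, _, ok in win if ok)
            if len(users) >= min_users and successes / len(win) <= max_success_ratio:
                # Later windows overwrite earlier ones, so the report covers the whole spray.
                flagged[ip] = {
                    "distinct_users": len(users),
                    "attempts": len(win),
                    "successful_logins": sorted(u for _, u, ok in win if ok),
                }
    return flagged


if __name__ == "__main__":
    for ip, stats in detect_credential_stuffing(parse(SAMPLE_LOG)).items():
        print(ip, stats)
```

The accounts listed under `successful_logins` are the ones to force a reset on, since the attacker has just confirmed that their password works here. Per-IP thresholds are easy to evade by spreading the attempts across a proxy pool, so in practice this is complemented by per-account failure counters and client fingerprinting; the thresholds above are starting points to tune, not fixed values.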
So it's important to ensure that every password you use is unique, as well as hard to guess and hard to crack.
In the study, not only did 72% of users admit that they reused the same passwords in their personal life, but 49% also admitted that when forced to update their passwords in the workplace they reused the same one with a minor change. Another article states that you should only consider changing your password if it has been compromised (assuming it was a secure one to begin with) and, where passwords are changed regularly, recommends choosing each new one without reference to an earlier one.
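The "minor change" reuse reported above is exactly what a plain password-history check cannot catch: comparing the hash of the new password against the stored hashes of old ones only detects an identical password, so Summer2023! to Summer2024! sails through. As an added example (not from the article or the studies it cites), here is a change-time check in Python that works because both plaintexts are available at that moment (the user has just authenticated with the old one) and rejects a new password that is only a trivial variant of the current one. The substitution table, the 4-character minimum for the containment test and the 0.8 similarity threshold are my own assumptions for illustration.

```python
import re
from difflib import SequenceMatcher

# Common character substitutions people use when "changing" a password (assumed, not exhaustive):
# 0->o 1->i 3->e 4->a 5->s 7->t @->a $->s !->i
LEET = str.maketrans("013457@$!", "oieastasi")


def normalize(password):
    """Reduce a password to the core word a user is likely to be recycling:
    drop leading/trailing digits and symbols (Summer2023! -> Summer), lower-case it,
    and undo common letter substitutions (P@ssw0rd -> password)."""
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", password)
    core = core.lower().translate(LEET)
    return core or password.lower()  # all-digit/symbol passwords have no alphabetic core


def is_trivial_variant(old_password, new_password, max_similarity=0.8):
    """True if the new password is only a minor modification of the old one."""
    old_l, new_l = old_password.lower(), new_password.lower()
    if old_l == new_l or old_l == new_l[::-1]:      # same word, case change or reversal
        return True
    a, b = normalize(old_password), normalize(new_password)
    if a == b:                                        # Summer2023! vs Summer2024!
        return True
    if min(len(a), len(b)) >= 4 and (a in b or b in a):  # old core embedded in the new one
        return True
    # Catch-all for edits the rules above miss: overall edit similarity (assumed threshold).
    return SequenceMatcher(None, old_l, new_l).ratio() >= max_similarity


def check_password_change(old_password, new_password):
    """Policy decision at change time. Returns (accepted, reason)."""
    if is_trivial_variant(old_password, new_password):
        return False, "new password is a minor variation of the current one"
    return True, "ok"


if __name__ == "__main__":
    for old, new in [("Summer2023!", "Summer2024!"),
                     ("P@ssw0rd1", "Password2"),
                     ("Summer2023!", "correct horse battery staple")]:
        print(old, "->", new, check_password_change(old, new))
```

This only works at the moment of change, when the old plaintext is in hand; it cannot be retrofitted to stored hashes, which is why forced rotation schemes relying on hash-based history checks end up collecting the Summer2023!, Summer2024!, Summer2025! sequence the study describes. The similarity threshold is a heuristic to tune: set it too high and variants slip past, too low and legitimately different passwords sharing a few characters get rejected.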
Read the full story at Graham Cluley