Many people, including (I am embarrassed to say) myself, have advised others to change their computer passwords periodically. The more I learn about computer security and human factors, the more I come to realize this is fundamentally bad advice.

A Boston Globe article from a couple of weeks ago explains this far better than I could.

My new recommendation: don’t use passwords at all. Use pass phrases: entire phrases or sentences all mashed together into one word, or better yet, strung together with unexpected*punctuation^marks. Memorize them to the extent you can, and use a “password vault” program for those you can’t. Don’t change them unless you have to.