Are Your Passwords Secure?

Sunday, May 28 2006 @ 01:51 PM MDT

Contributed by: Chris

In running a hosting company, I see a lot of passwords that just don't cut it. They are ones that can be guessed or looked up in a dictionary, and some people even try to use their username as their password. Worse, I've seen people use the same password for different accounts. Their email accounts, MySQL database, hosting accounts, etc. all have the same password. This is a really bad idea.

I've had the displeasure of seeing people's hosting accounts compromised. This happened because a poorly designed script was installed on their account where their MySQL username/password could easily be viewed. Since they used the same password for the MySQL database as they did for their hosting account, the perpetrator was easily able to FTP into their hosting account, upload a script for sending spam along with a database of hundreds of thousands of email addresses, and send out the spam.

Passwords should be unique for each place you wish to use one, especially if you are going to need more than one password in a place like a hosting account.

Your passwords should also be a minimum of 8 characters. They should not be a common word or a word that can be looked up in the dictionary. A combination of lowercase and uppercase characters along with numbers and special characters is best. For example, dKsi38dk$@ employs a good combination along with a 10-character length, which would make it almost impossible to break.

Change your password often? Well, I don't. What for if it's not compromised? If I suspect it is compromised or possibly compromised, I do change it. But, in the example above, I really don't see a reason for ever changing it. Why? Well, let's say I change it to ADks&$48CX, another good password. It would seem to me that the chances of someone cracking either one would be about the same, next to nil. Changing it or not changing it is going to basically have the same result.

Keeping track of passwords would be the main problem. I literally have hundreds of passwords that I keep track of for various accounts I have, whether hosting accounts, email accounts, MySQL accounts, affiliate accounts, and the list goes on and on. One solution is to use an Excel spreadsheet to keep track of the passwords. Be sure to back it up on disk or another computer.

An even better solution I use is a program called Password 2000. The last update on it was back in 2002, but I've been using it for years and it's been very reliable. The passwords are saved in an encrypted file, and it prompts you for a password before you can open your database. It also allows you to generate a password and has many other features. You can view it at http://www.pwd2k.com

If you use Firefox, you can install an extension that will generate passwords for you. This is a handy little extension that allows me to quickly generate random secure passwords. There may be other similar extensions, but this is the only one I've tried and I am quite happy with it.

https://addons.mozilla.org/firefox/135/

If the extension doesn't install because you are using a version of Firefox greater than 1.5, try getting it directly from the author's site at:

http://mozmonkey.com/
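
The password rules given earlier (at least 8 characters, no dictionary word, not the username, mixed character classes, a different password for each account) and the random generation just described can both be checked and done in a few lines. This is an added example, not part of the original article and not how Password 2000 or the Firefox extension work; the function names, the tiny wordlist and the sample values are constructed for illustration.

```python
import secrets
import string
from collections import defaultdict

# Constructed stand-in for a real dictionary file (assumption).
WORDLIST = {"password", "letmein", "welcome", "dragon", "monkey"}
SPECIALS = "!@#$%^&*-_=+?"

def weaknesses(username, password, wordlist=WORDLIST):
    """Return the article's rules that this password breaks (empty list = ok)."""
    found = []
    if len(password) < 8:
        found.append("shorter than 8 characters")
    if username and username.lower() in password.lower():
        found.append("contains the username")
    # Drop digits and symbols so "Welcome1!" is still caught as a dictionary word.
    letters = "".join(c for c in password.lower() if c.isalpha())
    if letters in wordlist:
        found.append("dictionary word")
    classes = [str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum()]
    if sum(any(f(c) for c in password) for f in classes) < 4:
        found.append("missing a character class")
    return found

def audit(accounts):
    """accounts: list of (label, username, password). Returns {label: [problems]}."""
    report = {label: weaknesses(user, pw) for label, user, pw in accounts}
    by_password = defaultdict(list)
    for label, _, pw in accounts:
        by_password[pw].append(label)
    # Flag every account that shares its password with another account.
    for labels in by_password.values():
        for label in labels if len(labels) > 1 else []:
            others = [other for other in labels if other != label]
            report[label].append("reused on: " + ", ".join(others))
    return report

def generate(length=10):
    """Random password from the OS CSPRNG that passes every rule above."""
    if length < 8:
        raise ValueError("length must be at least 8")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weaknesses("", candidate):
            return candidate
```

Calling `audit()` on a list of (account, username, password) entries shows which accounts share a password, which is the situation that let one leaked MySQL password open the hosting account as well.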




http://www.biztoolreview.com/article.php/20060528125117539