Re: What!?
Change frequently leads to passwords being written down, too. Or reliance on electronic storage. It's also less secure: If someone has gotten in once, they'll have the means to do so again*. Meanwhile you're convinced you're secure because you've just changed your password.
According to the UK Cyber Security advice, It's better to look for unusual behaviour and flag that, and to ensure long, complex passwords that the user can actually remember.
*shoulder surfing is one easy way to get a password. So is interception of the messages. Short passwords are easy to get with either of this, but long passwords, particularly if they look like two or three shorter passwords shunted together, are hard to get 'over the shoulder' and may exceed the buffer for intercepted passwords.
And as ever, reliance on password stores just creates a single point of failure. Sure they may seem secure, but if a hacker gets in, they now have all your passwords, and what they're for. Sure, spread them out over several stores, but that also increases your exposure to hackers. Where as they can't hack your mind, and if you can train yourself to remember a password through an alias (Penguins! Oh, yes, PinkPufferPenguines. But I make changes, so it's P1nk!pUff3r:P3ngu1n3es! - that's a rather tricky one to guess, to crack, to get by reading over your shoulder, and at 23 characters long... upper/lower/numeric/symbol... and with a spelling mistake... good luck getting that one. Just don't use it 'cause it's an example of how to create a complex password that's easy to remember, hard to crack et al)