Password maintenance should be done regularly without fail. I don't use a schedule. Instead, I change passwords sporadically, and some more than once a month. I have a rule...when I remember the password (without looking at what's written down), then its time to change the password. There are passwords that are easy to remember, and others that are t o r t u r e to remember. I suggest (from what I try to do), for frequently used sensitive accounts, change the password weekly, and keep a record of the change written down with a date. Pay attention to the confirmation emails your password has changed.
Face it. Get it done.
Keep passwords different and as unique as you possible can as in don't use common words. Write them down, and keep records with back up in a safe place.
...Soon after posting this, I receive a phishing email in an account that shouldn't get one. Soon after that a particular country visitor count is second to the Americans.