Changing passwords is a pain in the behind. But everyone should be doing this because of the Heartbleed security problems that have come to surface the last few days: http://www.techmeme.com/140410/p3#a140410p3
1. If you don't have a different password for each site you are doing it wrong! (Particularly for banks, email, and major social networks).
2. If your password isn't at least 12 characters long, you are doing it wrong!
3. If your passwords have ANY dictionary names in them, you are doing it wrong (things that appear in the dictionary).
4. If you aren't using two-factor authentication on EVERY site that offers such (Gmail, Facebook, Twitter all do) then you are doing it wrong.
5. If you aren't using a password manager like Lastpass then you are probably doing it wrong (I let it generate all my passwords now to make sure I get truly strong 20-character passwords).
Good luck out there!