Ideally, you should change your passwords every month. With so many accounts and passwords, it can get overwhelming quickly. Given that, you should at least change them every 3 months, plus any time there is a security concern (such as when you see alerts indicating that someone tried to access one of your accounts, say, for example, Facebook).
Here are a number of insights and recommendations that should help keep your passwords and accounts a bit more secure.
1. Use longer passwords with upper and lower case letters, numbers and symbols.
Every character in a password increases its complexity and the time it takes to hack exponentially. Create passwords of 10+ characters using upper and lower case letters, numbers AND symbols for maximum effectiveness. Mis-spell words and mix symbols into and between them. Here are three examples:
G00d&$e(uritee (Good Security) - 14 characters
Jum8oD0nuts& (Jumbo Donuts) - 12 characters
TAft%WH1t1n%H1gh! (Taft Whitin High) - 17 characters
2. Use mnemonic tricks to help with passwords.
An easy way to add complexity is to include a reference to something you see daily. For example, if you drive by Jumbo Donuts or The Valley Bean every day, you could add JUm80 or V^11eY either before or after a smaller password like Back2Work. Now you have a password you are familiar with, made significantly stronger and still easy to remember.
3. Use "Sign In with Google".
This is showing up more and more. Once you have signed into your Google account with your properly long and complex password, you can single-click into a number of related (educational and otherwise) accounts without having to have a password for each.
4. Avoid personal information in passwords.
Phone numbers, spouse and children's names and so forth are readily available online and on social media and make for easy hacking starting points.
5. Don't re-use passwords.
Avoid using the same password (or derivatives) for different accounts. For example, if your password is Puppy2022-credit for your credit card account, don't use Puppy2022-mortgage for your mortgage account. If one account gets compromised, it creates an easy path to access other accounts.
6. Never Text or Email your passwords.
If your phone or email gets compromised, hackers now have easy access to other accounts.
7. Use 2-Step Verification/Authentication whenever possible.
This adds another layer of security to your accounts and usually provides you with timely alerts any time someone tries to access your accounts. You can then change your password and take appropriate further security measures to block access.