Depends on the type of account, really. At work, due to extremely sensitive projects we are working on, we're required to change our passwords once every month.
But for forum internet accounts, as long as your password is a bit lengthy and complicated, your computer secure and you clear of surfing on shady websites (Ex. DownloadFreeGameWithoutSurveysToday.co.biz.uk) or such, you should be more than fine to keep it for quite a while :)
Here's a reference link by the UCSF on what's a bad and what's a good password.
https://it.ucsf.edu/policies/bad-passwords
Certain websites offer a "two-step verification" option. Where you may link a phone number or use an email address which the website will send a verification code to that email/number. So if an attacker is able to compromise a website/software account, and do not have access to the Cellphone/Email, they're unable to do anything. A good example of this is
Steam Guard
I could go on for hours and pages explaining Computer security and related things, but you can easily access already written articles and works on the subject via Google. But if you wish me to link some, ask ahead! :).
TL;DR : It depends. Don't be paranoid about it, but don't be lazy!