The old advice of changing your password every 90 days is outdated. Experts now recommend only changing passwords after a breach, or if you’ve shared them by accident. Instead, focus on using strong, unique passwords for each account and enable two-factor authentication.