Best practice now is to not burn passwords regularly. Use good passwords and change only when there’s good reason to suspect they have been compromised. https://www.schneier.com/blog/archives/2016/08/frequent_passwo.html. Also, if you don’t use a password manager, or if you need a good passphrase for other reasons (like for your password manager): http://world.std.com/~reinhold/diceware.html
