How often do you guys change your database username and password? That's like a daily task to me since I'm a security freak.
It's not necessary if you know that the rest of your site is fairly secure. Also, it depends on how the passwords are stored in your database. I am assuming your hashes are stored using MD5. Although it is considered to be 'weak', a properly salted MD5 hash can take years to crack. Most hackers give up after a few days.

Things to make sure you do:

- Don't use dictionary words, or even a combination of dictionary words.
- Use 3 of the following: lowercase, uppercase, symbols, numbers.
- Use salting methods to store your hash.
- DO NOT use standard salting methods; make up your own. (Hackers can be lazy. It takes time to write a cracker that can crack different forms of salted hashes.)

Other than that, just make sure you don't get keylogged.