Depends on the site if and when I change my password. General sites like this, a generic shared password works just fine. For financial and more personal sites, a strong password. I also use an open source stand alone password manager (not online) that works on all my PC's plus can run on a flash drive.

I have been online since the early days of 14.4 dial up and have had a thousand passwords over the years. As sites go out of business, who knows how your access info is handled. A few months ago I received an e-mail to my dump e-mail account that I use for odds and ends sign ups for information. I have had that same e-mail for 15 years. The subject of the e-mail was a generic password I have used for years. The body stated that they had my password and had hacked my PC and were monitoring it. Said they had recorded me through my webcam as I surfed porn sites and wanted 2000 bitcoin or they would send the recordings to all the friends on my address list. I knew it was a scam but some would get sucked in and respond. It was just a phishing expedition and I deleted the e-mail. If I would have responded, they would have known they had a live one even if the password was no longer used.