This is a contentious issue, and both sides are correct as far as they go,
however, there is a real need to either change passwords on a reasonably regular basis or have different passwords for different purposes.
The main reason security people tell you to change passwords on a regular basis is because most people will use the same password for just about everything; and once a password gets compromised in one location it's compromised all over. Another way around that is to have a set of very different passwords that you remember and use them for different levels of security needed for the site. For example, the password security needed to access a site where you have read only access, such as an on-line story site, you don't need high security; while password security for your on-line banking site does need to be very high security. If you have four or five and split their usage up based on the needed security level the chances of being compromised on the high level passwords are very low and it doesn't matter that much about the low level ones.
Another way is to have a different password for each log on you have, but this will soon have you going crazy trying to remember them or you end up making them too easy in order to make the easy to align with each log on / site.
Even using one or both of the above, you should still change them every now and then, but you can make the changes an annual or multi year event instead of a monthly one.
The biggest password security issue is when people resort to writing them down in order to be sure they have them right. Next after that is when they get disgruntled due to some security guy insisting they change each month so the password is made up of abusive phrases, and thus often easy to break.
