In Australia, most organisations ask that you change passwords two to three times a year and its not that hard as I will show.
Why? Although I have spoken about some very sophisticated ways, people break into your POS system, the fact is that most hacks are not external but inside jobs. The hacker is known to the victim, and the cost is often huge. For example, I know of one retailer not a client of ours fortunately that had $250,000 stolen by an employee over almost three years.
How do these people get the passwords to do this, generally from poor password security, for example, they see it written down; they see it as you type it in, you tell them, etc.?
If you are reluctant to change passwords because of memory issues, here is a tip that although not as good as changing the password, this will help.
Say your password is yummycabbage
A password cracker like here will take about two months to crack it.
Now as its the 2 half of the year put in the front or the end either *2.* or a *B." If you want to be more creative by all means do so eg put in B2.
However just putting in now 2.yummycabbage means this password cracker will need two years.
Anyone inside your organisation that knows your password is yummycabbage will not be able to break in.
Change your passwords now.