6 months to 1 year is good but the advise to change password is not necessary because if you set up a very strong password and your devices are protected well, why do you have to change it with another one?
I agree, but it's become part of (weird/bad) security practice on work field. On worse part, the system will force you to change password regularly.