Our best practice for our own business and customers is to change passwords every 90 days, not only for computers and servers but also for network devices, websites, software, printers, etc. One way to stay on top of password changes for computers on the network is to define and enable the password policy in Group Policy on your Windows server.
You have the ability to enforce password history, maximum password age, minimum password age, and minimum password length, and to ensure passwords meet complexity requirements. The keys to password strength are length and complexity. An ideal password is long and has letters, punctuation, symbols, and numbers. Passwords should be a minimum of 8 characters and unique from other accounts you use (don't use the same one for another account). They should contain at least one capital letter, one number, and one special character, and should not be a word in the dictionary. Set up a recurring reminder in your calendar to change them every 90 days. To manage passwords, find one of the many password managers online that fits your needs. We have used KeePass on several occasions. Test your password with a secure password checker online and see if it's worthy: https://www.microsoft.com/
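The Group Policy password settings listed above can be audited from PowerShell. This is an added example, not part of the original article: `Test-PasswordPolicy` is a hypothetical helper, the history and minimum-age thresholds are assumptions (the article specifies only the 90-day age, the 8-character length, and complexity), and the sample policy object is constructed.

```powershell
# Compare a domain password policy with the article's baseline.
# 90 days, 8 characters and complexity come from the article;
# the history and minimum-age thresholds are assumptions.
function Test-PasswordPolicy {
    param(
        [Parameter(Mandatory)] $Policy,
        [int] $MaxAgeDays   = 90,
        [int] $MinLength    = 8,
        [int] $HistoryCount = 5,   # assumption
        [int] $MinAgeDays   = 1    # assumption
    )
    $maxDays = $Policy.MaxPasswordAge.TotalDays
    $minDays = $Policy.MinPasswordAge.TotalDays

    # A maximum age of 0 means passwords never expire, so it fails the check.
    [pscustomobject]@{ Setting = 'Maximum password age (days)'; Current = $maxDays
        Expected = "1 to $MaxAgeDays"; Pass = ($maxDays -gt 0 -and $maxDays -le $MaxAgeDays) }

    # With no minimum age, a user can change passwords repeatedly in one
    # sitting to flush the history and return to the old password.
    [pscustomobject]@{ Setting = 'Minimum password age (days)'; Current = $minDays
        Expected = ">= $MinAgeDays"; Pass = ($minDays -ge $MinAgeDays) }

    [pscustomobject]@{ Setting = 'Minimum password length'; Current = $Policy.MinPasswordLength
        Expected = ">= $MinLength"; Pass = ($Policy.MinPasswordLength -ge $MinLength) }

    [pscustomobject]@{ Setting = 'Enforce password history'; Current = $Policy.PasswordHistoryCount
        Expected = ">= $HistoryCount"; Pass = ($Policy.PasswordHistoryCount -ge $HistoryCount) }

    [pscustomobject]@{ Setting = 'Complexity requirements'; Current = $Policy.ComplexityEnabled
        Expected = 'True'; Pass = [bool]$Policy.ComplexityEnabled }
}

# Constructed sample with the same property names that
# Get-ADDefaultDomainPasswordPolicy returns, so the check runs offline.
$sample = [pscustomobject]@{
    MaxPasswordAge       = (New-TimeSpan -Days 180)
    MinPasswordAge       = (New-TimeSpan -Days 0)
    MinPasswordLength    = 7
    PasswordHistoryCount = 24
    ComplexityEnabled    = $true
}
Test-PasswordPolicy -Policy $sample | Format-Table -AutoSize

# On a domain-joined machine with the ActiveDirectory module installed:
# Test-PasswordPolicy -Policy (Get-ADDefaultDomainPasswordPolicy) | Format-Table -AutoSize
```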