I feel the urge to get people to change passwords on a regular basis is mainly to keep changing it up in case its been compromised. If it was compromised somehow but not targeted yet, then it would be a time bomb. But if it changes on a regular basis, the window of opportunity for someone to do anything with it is limited.
In the corporate world passwords are changed regularly and there is a timer that after say 90 days you have to change it, and 14 day before it expires your warned to change it. They also require passwords to conform to a specific type of complexity to harden the network access.
On my home computer I have been using the same password for local system access for the last 8 years. There is no need to change that on a regular basis. I use complex passwords everywhere, but only change my banking and credit card access passwords and security questions on a quarterly basis. Additionally with security questions the answers I gave have absolutely nothing to do with the question choices such as if the choice is whats your favorite color I might use something like Neptune1984$ and your first car, I would use something like TitanicSunk@1912 this way common dictionary attacks wont work its too abstract to conform to any known list.
For websites that arent critical, I rarely if ever change my password and security info. If its compromised the worst they would be able to do is play my video game online and remove items from the character etc.
As far as browser deleting passwords that are set to remember, i haven't run into that with Firefox yet. Do you think that you may have dumped your history and cookies etc during that time at all? Paypal for example I had not used for quite some time, and the other day I went to buy an item at amazon and it remembered me and I didnt have to logon to paypal, I was in and just needed to specify what account to pay from etc.
As far as if changing your password makes it better.... I would say it makes it better at keeping people out if they have access to your account and havent already acted on doing something bad. Their opportunity is gone unless they get the new password or know your security reset questions to gain access no matter what your password changes to. So they should really have to change security reset info too and have it to where you can specify the question and answer to eliminate dictionary attacks to try to gain access to peoples accounts or at least prompt people to change their security info regularly. BUT with this comes the risk of locking yourself out of an account and unable to prove your the owner losing access to it forever, so this info should be stored in a book in safe keep that no one has access to but yourself.
A password like dfX(jr37&^0 , someone would have to really want access to your account and I would think only if a keylogger or some other means of gaining access to your actual password would anyone or any automated authentication process be able to get in. You have 11 characters, and I would think that they would need to hit it with an alpha-numeric with special character counter that starts at say aaaaaaaaaaa and runs all the way to say ########### with every combination of upper and lower case and all that. With a properly configured authentication service I would think that hopefully they have a counter that after say 5 failed attempts it places the account access into a 15 minute time out process or longer to keep hackers from trying to brute force access through use of every combination until access is granted.
I am thinking your password to be guessed is around 11 to the power of 72 and it could take quite a while if the authentication is set up properly to lock out after x-many failed attempts.
On a project I was working on with 89 characters trying to find a value to which the input and output comes out the same, I ran it 1 Billion times on an 8-core 4.0Ghz AMD FX-8350 CPU which each of the 8 cores processing 125 Million attempts each to find where in a shuffle of 89 characters, where every shuffle is unique from the prior, searching for the iteration in which the end result ends up being the same as the initial input and it took 7 days and no match found. I deemed it not worth running this test further as for it would take a month to run 4 Billion attempts at finding this which I believe exists mathematically, but its out there somewhere and its not within the first Billion tries. And 48 Billion attempts could be achieved in a year with one system running non stop. The temptation is there to find this, but I dont want the electric bill that comes with finding that value.
When running this search, I removed the gaming GTX video card and removed the HDD to run only on the SSD, so it was the bare minimum to run it and lowest power consumption state that I could get this system to without detracting from performance. *I suppose if I knew of a way to tap into the GPU for processing I could make more use of this system to test for more values in the same amount of time, but that is way beyond what I know in C++ programming. With the farming for coins etc using GPUs, I know it could be done, but I doubt it can be done easily to specify for it to be executed on the GPU and not the CPU.