I can construct a totally-secure password and memorize it. I cannot remember a new complex password every three months. Sites that force me to do that require me to write down the password somewhere, and that is less secure than allowing me to keep my password.
No, it isn't. The main threat you are defending against when using strong password on internet-accessible services is from remote attacks. They have access to time, computers, and dictionaries of weak or stolen passwords to plow through. They don't have access to the pad of paper on your desk with your strong password written on it.
A lock on your door won't keep burglars out. It will just make the door a more difficult entry point than, say, breaking a window or cutting through a wall. Perhaps it will make the burglars decide that your neighbor's house is an easier target than yours.
There are various ways a hacker may gain access to my accounts. But if and when they do, it won't be by guessing my passwords, because those are more difficult to guess than other ways over which I have no control. As long as nobody has come close to guessing my password, there is no good reason to force me to change it.
Note also that standard good procedure for web sites is to block access entirely after a specific number of failed attempts. So a hacker can only try three or four, or maybe at most ten guesses before the account is locked and I am notified. If I was not the one who was trying wrong passwords (because I forgot mine) then the alert will let me know that something is going on. And even then, changing the password is not necessarily the best choice, since the hacker didn't get in.
Again, I don't use guessable passwords.
It would be much easier for someone to bribe a banker into turning over my social security number and then calling the bank and pretending to be me, as a reporter did with a friend of his (with permission) to show how easy it is to hijack someone's account using information about them that's easily available.
Strong passwords are not the weak link in account security. The problem with passwords is just the people who use weak ones, or who don't even bother to change the default password. And even then, social engineering is probably responsible for more hacked accounts than anything to do with passwords.