Yes... definitely this!
I change passwords on everything every 6 months... lol
Best practice right here.
And don't use the same password for everything! Your Apple ID password should be completely unique from every single one of your other passwords IMO. And use COMPLEX passwords—- mix of uppercase, lowercase, numbers, and special characters.
The problem isn't Apple's security, it's the fact that people replicate their Apple ID passwords to other sites that are getting hacked. I experienced this a few years back. My Newegg account was hacked and they got into other sites simply because they had my Newegg login info and I used the same username and password combo on other sites.