Prudent time frame for changing router password?

Just once. Set it to something very strong: a long string of characters (say, 16 characters or more -- more is better), no words in it, using both upper- and lower-case letters, plus numbers and special characters.

Changing your password often is a protection against continued use of a stolen / guessed password. That is, changing your password is useful only *after* a bad guy has already obtained it. If no bad guy ever learns it, then there's no benefit to ever changing it. So if your password is strong enough that it can't be guessed, and if you're careful not to allow it to be stolen (don't write it down on a sticky note on your office wall -- find a way to remember it without writing it down) then there's no need to ever change it (unless you're using software that forces you to do so).

The biggest challenge is finding a way to remember your long, strong password.. but there are lots of ways to do that.

> If the backdoor is not closed, it matters not what your password is

Very true. There are several ways that bad guys could compromise a system that's protected with even the strongest password... software or hardware flaws as you mentioned; hardware or software keyloggers; a small hidden camera trained on your keyboard; interception of Wi-Fi or HTTP transmissions that include the password "in the clear"; reading the little yellow sticky note with the password on it, or breaking into the password database on systems where there is such a thing; and there are others.

Changing your password frequently doesn't help with any of this -- in fact it makes it harder to maintain a good strong password without writing it down. It limits the damage after you've already been hacked, but that's all it does.

> The Engineers at Schneider and Outback have told me their web portals are very safe. I still wonder about it though. I monitor about 25 systems and although I can only read the data (The portals do not allow changing settings)  I do not know enough about the safety that I am told is designed in.  Comments on this?

When they say their web portals are safe, what do they mean? Could be:

a. They allow only SSL / HTTPS to communicate with the portal; and/or
b. They use strong crypto once an SSL / HTTPS session has been established; and/or
c. They don't store sensitive data unencrypted on their own machines; and/or
d. They control and limit physical and network access to their web portal server machines; and/or
e. They regularly apply security patches to their servers' operating system and to their web server; and/or
f. Something else

Just as a curiosity, I notice that www.outbackpower.com accepts HTTP (non-encrypted) access -- that is, you can access their site via http://www.outbackpower.com/.

In contrast, try the steakhouse at http://www.outback.com. You'll see that the steakhouse automatically upgrades you to an encrypted HTTPS session -- that is, it re-directs you to https://www.outback.com (https, not http) and it presents an X.509 certificate from Entrust that gives you some assurance of who you're talking to.

So as a very quick first impression, I'm more impressed with the web security at Outback Steakhouse than at Outback Power. (Although maybe their customer portal is locked down more tightly than their main web page is?)