One of the things I dislike online is websites that force you to change your password at regular intervals. This supposedly strengthens security, but now FTC chief technologist Lorrie Cranor claims a growing number of security experts believe frequent password changes do little to improve security and very possibly make it worse by encouraging users to use passwords that are more susceptible to cracking:
A separate study from researchers at Carleton University provided a mathematical demonstration that frequent password changes hamper attackers only minimally and probably not enough to offset the inconvenience to end users.
Over the past few years, organizations including the National Institute of Standards and Technology in the US and UK government agency CESG have also concluded that mandated password changes are often ineffective or counterproductive. And now, thanks to Cranor, the FTC has also come around to this thinking. But don't count on everyone doing away with regular password changes.