I don't get it. Has there been a rash of identity thefts of people stealing passwords and spoofing individuals on the Internet? I haven't heard much about that kind of activity since the 1990s. Admittedly, I am not privy to a lot of security discussions on the web, but still, all the tempest over users' passwords seems to me to be a bit of misdirection. You see, where are the big security breaches? Not with an individual password being hacked. No, it's with somebody hacking the backdoor of a company and stealing millions of users' information - including their passwords.
Seems to me that forcing the users to update their perfectly adequate password is an attempt to show "See? We are all about the security! We force you to change you password and make it impossible to remember!" when they need to be watching their own practices and back doors for the far, far more egregious thefts.
Perhaps somebody can tell me that I am wrong.