Originally Posted by
LordEntrails
My take on password rotation/change is driven by two things, let me know what you think;
1) Because if a website is hacked, it is unlikely you will be informed of the breach in a timely manner. If you change them regularly, it would be less likely you would be compromised as part of a secondary data user (i.e. someone who buys the breached data after the original user has done what they intend with it).
2) If you don't use unique passwords (which is a bad habit, but one I suspect a vast majority of people do), then when #1 happens, you are exponentially exposed (and not ina good "kilt" kind of way!)