02-23-2010, 05:20 PM   #34
Jinn
Lover - Protector - Teacher
Location: Seattle, WA
Quote:
Originally Posted by Willravel
Same. I read the message as "we assume you suck at picking or maintaining passwords, so we're forcing you to change yours." My password is fine. All of my passwords online are just fine. A 15+ digit, random, alpha-numeric password is basically as secure as you can get within reason.
Until unsalted hashes of everyone's passwords on a given site are acquired and rapidly decrypted with a rainbow table. If password storage on the server side is poor, like stored in plain text (I've seen it), or stored unsalted, there is another attack vector independent of the brute-force strength of your password. From Cyn's post, I assume he had a concern about server-side password security, and forcing users to change passwords is a great way to assuage that concern. It's part of the reason (good) sysdbas and network administrators enforce password complexity as well as forced obsolescence.
__________________
"I'm typing on a computer of science, which is being sent by science wires to a little science server where you can access it. I'm not typing on a computer of philosophy or religion or whatever other thing you think can be used to understand the universe because they're a poor substitute in the role of understanding the universe which exists independent from ourselves." - Willravel
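
An added example, not part of the original post: a Python sketch of the server-side storage point made in the reply above, comparing bare unsalted hashes with per-user salted records checked against a precomputed table. The user names, passwords, table contents and PBKDF2 round count are constructed assumptions for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a small stand-in for a precomputed table of common passwords.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty"]
# Constructed user database (plaintext appears only to build the demo records).
USERS = {"alice": "letmein", "bob": "letmein", "carol": "x9Q2r7LmP0aZ4tKe"}

PBKDF2_ROUNDS = 200_000  # assumption: example work factor, tune for your hardware


def unsalted_hash(password):
    """Weak storage: bare fast hash, identical for every user with that password."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_record(password, salt=None):
    """Hardened storage: per-user random salt plus a deliberately slow KDF."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest.hex()


def verify(password, salt, stored_hex):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_record(password, salt)[1], stored_hex)


def exposed_by_table(stored_hashes, table):
    """Return users whose stored hash appears in a precomputed hash -> password table."""
    return {user: table[h] for user, h in stored_hashes.items() if h in table}


def demo():
    table = {unsalted_hash(p): p for p in COMMON_PASSWORDS}  # built once, reusable
    weak = {u: unsalted_hash(p) for u, p in USERS.items()}
    strong = {u: salted_record(p) for u, p in USERS.items()}
    return {
        "weak_exposed": exposed_by_table(weak, table),
        "strong_exposed": exposed_by_table({u: d for u, (_, d) in strong.items()}, table),
        "same_hash_weak": weak["alice"] == weak["bob"],
        "same_hash_strong": strong["alice"][1] == strong["bob"][1],
        "login_ok": verify("letmein", *strong["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```

With unsalted storage, one precomputed table covers every account and identical passwords are visible as identical hashes; with a per-user salt, the same table matches nothing and each record has to be attacked separately at the KDF's cost.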