Posted 22 March 2009 - 05:57 PM
The best reason is that it protects against unknown intruders. Say, for example, that your password became known to a malicious user. It doesn't matter how they got it; they got it, and that's the important part. They wouldn't want you to know that they have access to whatever it is you're protecting with the password. You just go on like normal, exposing the secrets you think are safe to someone who doesn't have your best interests at heart.
However, if you change your password regularly, then this person is suddenly out of luck. The more often you change it, the shorter the window of opportunity for the malicious person should they compromise your password.
Granted, you needn't go nuts on every password you have. But important ones like your online banking password, your VPN password, passwords which protect highly sensitive information like credit card numbers or PayPal accounts ought to be changed regularly.
The downside to changing passwords regularly is the human capacity to forget things. There are stories of companies who imposed ridiculously strict password policies on their employees, and all that it accomplished was to make the employees write their passwords on post-its and affix them to their computer monitors. Suffice it to say, that was not the intention of the policy!
Choose a good, strong, random password consisting of at least 8 characters, including numbers, upper and lower case letters, and symbols (¢, Æ, Â, ®, ©, are good choices, for example) and you needn't change it for, say, six months.
In any event, be observant for unusual behavior with regard to such accounts. If money goes missing, find it; if credit charges are showing up that you don't remember, report them. And be ready to change your password at the first indication of a compromise.