In this day and age, I have a bazillion things swimming around in my head, and having to remember 20+ passwords for various things only adds to that headache. They're not all mine, but for the ones I do have control over, I have a systematic method that helps me remember which passwords are for what, which simplifies the process to having to remember 6 unique passwords.
What really annoys me is when I have to change my password because it is mandatory procedure. Besides throwing off my memory, other stupid things I have to deal with include getting locked out of trying to guess the right password, having to make variants of a password just because the site security doesn't support special characters (really?), and having to create a new password not even close to resembling the originals or variants just because you can't have a password matching the previous 5 passwords you had or something.
I won't doubt that this is an easy security deal, but to me, this is an inconvenience and a waste of my time. As far as I know, there are only four ways for my account information to get compromised:
-- I told someone.
-- Someone guessed my info.
-- Someone hacked their way in, computer or email or other.
-- Some asshat institution out there who I entrusted personal info to was negligent. Y'know, when laptops from Bank of America get stolen, or Chinese cyberspies get into the Pentagon?
For the first two, I can see how changing your password can better protect you. However, I have told NO ONE my information, account name or password or associated account info (except where your login name and screen name are the same and/or visible). There is no $up4 S3kr37 .txt file with this stuff. And there's pretty much no way in hell anyone would guess four of my passwords. Not that they're random stuff like 724FDEBF74, because I'm not sure having a random password is appreciably stronger than having a merely unguessable password. Even with the other two passwords, you're going to have to dedicate days to guessing correctly. Last but not least, I don't invest much of my time in social websites or services. Consequently, I don't have a Facebook, Twitter, or whatever.
In the majority of cases for the last two methods of intrusion, changing your password on a regular basis does zilch. Unless you change it every 6 hours or something, but that's pretty overboard.
In regard to social engineering, it's like a blend of the second and third cases. Maybe someone out there will devise a scheme clever enough to scam me of account info. But either way, changing passwords won't do much.
So am I the only one that doesn't like to change passwords? Am I being unreasonable? Am I missing something else?