The mandatory password changes make less sense at my job. Some of us have to tell our IT department what our new password is, so they can update our access to certain servers. How can it possibly be more secure to have to send an email or call 2 IT guys and tell them your new password?