Here, finally, a piece by one of the leading experts in computer security, Gene Spafford, about where the "need" to regularly change your password came from, and why it won’t help much:
"In summary, forcing periodic password changes given today’s resources is
unlikely to significantly reduce the overall threat"
"This is DESPITE the fact that any reasonable analysis shows that a
monthly password change has little or no end impact on improving