I never understood the reasoning behind the time based password change. No one expects people to get a new key every six months for their home lock. No one expects someone to get a new ATM card every 6 months.
Physical tokens like keys don't require such frequent replacement because (in general) they are difficult to compromise without alerting the holder. Someone has to actually steal your key and take it to the hardware store without you noticing. Passwords, on the other hand, can be shoulder surfed, socially engineered, stolen with malware, stored in plain text in the database, shared with someone else, etc., and the user may have no clue his password is compromised. Also, if someone steals your key and robs your house, and there was no sign of forced entry, you probably would change the locks. But someone with your password could log in as you without you noticing for... well, maybe forever, depending on the system. I agree it can be overdone, but it is a good security practice and there is some logic behind it.
"Gotcha, you snot-necked weenies!" -- Post Bros. Comics