Changing passwords is a "left over" from the days when programmers didn't put code in to
prevent "brute force" attacks.
The modern way is to detect multiple login attempts and disable the account for a limited amount of time.
Disclaimer : CCBill knows people make shitty passwords like "qwerty"; so making the dumbass change it works.
