There is also hope that this will reduce the risk of undetected security intrusions. In theory, any attacker who gains access will lose it when the password is changed.
Unfortunately, this seems unlikely to help in many cases. Although it is possible that changing the password after an intrusion has occurred will oust the attacker, it is usually trivial for an attacker to install a malicious code onto the system once he or she has gained access. This could be a ``back door" so that an attacker can pass through without needing to enter using a regular user's password again, or something that logs all the keystrokes a user makes, including those involved in changing the password. As such, changing the password is not usually sufficient if an intrusion has occurred, and should not be counted upon to limit the damage from undetected intrusions.