Force the user to change their password after a set amount of time like Windows does. People become complacent and use the same password for everything. This would force the user to change there password so it is secure again. This is also a requirement for a number of different security certifications.