I know others are moaning about having to change their passwords but I know that I haven't changed my BAEC password in a very long time. From a security best practice point of view it's probably time I did, and if it encourages / compels others to do the same then it's not a bad thing.