Have you ever tried to change your password on Facebook? Google? Yahoo? Did you have to do an internet search to figure out how first? Don’t lie. I did and I’ve been behind a keyboard for a living for 20 years now. This unto itself creates a security issue because all of these sites (and more) recommend that users change their passwords frequently but they do not make it obvious where and how to do so.
Every site should have a prominent “Change Password” link at the top of the user account setting page. Not buried under “security settings” or a link to be sent by email for a password reset. Furthermore they should go to great lengths to insure their mobile apps have clearly presented options to change the account passwords and they should automatically log the account out from any other device immediately when the password is change.
Why the major sites have not made password changes and management a top priority is a bit of a mystery. I feel it may have to do with the fear of additional cost of support that may be required for users who change their passwords and then forget the new one or have trouble syncing passwords over multiple devices. Either way the scenario is the fault of the site designers who do not make changing and managing passwords more obvious and intuitive.