It is one really stupid thing that Authorize.net  and Chasepaymentech forces the user to change their password when the user doesn't want to change it.  There should be an option to allow the user to choose if they want to change their password after 30 or 90 days.  Especially for companies that have many users, being forced to change passwords causes a lot of problems and users will often forget the password.   I am considering using another company because of Authorize.net forcing users to change passwords. It should be the right of the user to not change it.