One possible answer: Because tenured faculty can call up the helpdesk and get policies reversed, because they're tenured and the helpdesk isn't.

Another possible answer: Many systems can't prompt for password changes, and will just continue to log you in (because, especially for remote-access systems, that's better than denying access and hoping you find another way to get logged in). Probably the lazier of the users also don't use very many of the computing facilities, and may just use a few legacy systems.