I guess the real advantage is, if their server is temporarily compromised, they don't have to make me reset my password to get back in. But it's a per-site password, so the attacker can't use it elsewhere.