The SANS institute and NIST establish password expiration is no longer effective
The SysAdmin, Audit, Network and Security (SANS) institute and the National Institute of Standards and Technology (NIST) has made it clear that password expiration is a dying concept. Password expiration had its time and place, but now its time for it to fade out of our security awareness practices.
View the link below for more information regarding password expiration