Weak password expiration policies can open you up to brute force and dictionary attacks. Non-expiring passwords are unsafe.
Modify the password expiration time to ninety days or less.
Time to fix
This rule is linked to Common Weakness Enumeration CWE-521 Weak Password Requirements.