Weak password expiration policies can open you up to brute force and dictionary attacks. Passwords with over 90 days expiration time are unsafe.
Modify the password expiration time to ninety days or less.
Time to fix
This rule is linked to Common Weakness Enumeration CWE-521 Weak Password Requirements.