Check or Attack Name: Password Never Expires

The user has a password that will never expire. Unless the user is used for a service account and has a very strong password, this setting will lower your security level, as an attacker has an unlimited amount of time to guess the password, and an unlimited amount of time to use the password once it is guessed.

Remove the Password Never Expires option:

1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
2. Select the user from the list.
3. From the User menu, select Properties to display the User Properties dialog box.
4. Clear the Password Never Expires check box.
5. Click OK.