Windows operating system will have an option for the system administrator to generate a policy in which, the password will expire after sometime. According to the system administrator settings, the password will expire in windows within a certain period. Keeping the password that expires after a certain period will aid the computer to be secure enough. The computer will force the user to change the old password into a new one periodically. It is always a nice idea to change the password regularly and to use a strong password every time.
The passwords are suggested to be changed periodically once in every 60 days to 90 days in order to restrict the reuse of stolen passwords. Once the password is created and when it is being used for some time, it is said to be exposed. The value of password will get reduced as the time passes and hence, they have to be changed. If there is any doubt about the password stolen, then it can be changed. It will not be beneficial to use a password after 90 days, if it was cracked by an unauthorized person within this period. So, password will have to expire after a short period even though it is created with the special characters and numerals.
The policy to lock the account if the user has tried the password for three consecutive times is one of the security features used commonly now-a-days. But, in earlier days as per the capacity of the CPUs, it was estimated that at least three months duration would be necessary for the person to crack the password forcibly. So, the general expiry period was considered as three months and was set as 3 months in the password security policies as well. Today, the computers became cheap and it is accessible by several illegal people. So, it became necessary to use the feature of using hashed password in the operating system. This will minimize the number of ways by which a password can be guessed and hacked.
Passwords should expire for another reason too. If the company is shifted to a new place and if the system admin can set the passwords of the users to expire at that shifting period, the users do not have the problem of remembering them or writing them on paper, which can also be lost. So, for those who forgot the passwords, the password expiry can be useful. There is also an option in windows to set the password expiry feature to be removed. Those who do not want to change their passwords periodically and those who are confident about the safety of their passwords can keep this option checked.