All passwords are set to expire after 90 days. These unpopular but necessary restrictions partially addresses two issues. Because their owners are unlikely to notice unusual activities, infrequently used computer accounts are particularly susceptible to attack. Expiring passwords forces the account owner to periodically perform some amount of activity. Password expirations also help to limit the length of time an active computer account can be subjected to unauthorized use. If an active computer account is compromised, it won't remain compromised forever because its owner will have to change the password.