IAM account password policies should have a maximum age specified.
The account password policy should be set to expire passwords after 90 days or less.
Long life password increase the likelihood of a password eventually being compromised
Follow the appropriate remediation steps below to resolve the issue.
Limit the password duration with an expiry in the policy