Disable Unused Credentials 45 Days

Severity: LOW
Source: Trivy
Frameworks: CIS AWS 1.4
ID: AVD-AWS-0166

AWS IAM users can access AWS resources using different types of credentials, such as passwords or access keys. It is recommended that all credentials that have been unused for 45 days or more be deactivated or removed.

Disabling or removing unnecessary credentials will reduce the window of opportunity for credentials associated with a compromised or abandoned account to be used.
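
The 45-day rule above can be audited offline from an IAM credential report. The following Python script is an added example, not part of this page or of Trivy's own check. It assumes the credential report's CSV column names, uses constructed sample rows, and, as a choice made here, ages a never-used credential from its last changed/rotated date.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_UNUSED = timedelta(days=45)

# Constructed sample in the IAM credential report CSV layout (subset of columns).
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,password_last_changed,access_key_1_active,access_key_1_last_used_date,access_key_1_last_rotated,access_key_2_active,access_key_2_last_used_date,access_key_2_last_rotated
alice,true,2024-05-28T09:00:00+00:00,2024-01-10T09:00:00+00:00,true,2024-05-30T10:00:00+00:00,2024-01-10T09:00:00+00:00,false,N/A,N/A
bob,true,2024-02-01T08:00:00+00:00,2023-11-01T08:00:00+00:00,true,N/A,2024-01-15T08:00:00+00:00,false,N/A,N/A
carol,false,N/A,N/A,true,2024-04-20T12:00:00+00:00,2023-06-01T12:00:00+00:00,true,2024-03-01T12:00:00+00:00,2023-06-01T12:00:00+00:00
"""


def _parse(ts):
    """Return an aware datetime, or None for N/A, no_information, etc."""
    try:
        return datetime.fromisoformat(ts)
    except (TypeError, ValueError):
        return None


def stale_credentials(report_csv, now):
    """Return (user, credential) for each active credential idle 45+ days."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        checks = [("password", row.get("password_enabled"),
                   row.get("password_last_used"), row.get("password_last_changed"))]
        for n in (1, 2):
            checks.append((f"access_key_{n}", row.get(f"access_key_{n}_active"),
                           row.get(f"access_key_{n}_last_used_date"),
                           row.get(f"access_key_{n}_last_rotated")))
        for name, active, last_used, created in checks:
            if active != "true":  # disabled, or "not_supported" (root password)
                continue
            # Assumption: a never-used credential is aged from its changed/rotated date.
            reference = _parse(last_used) or _parse(created)
            # An active credential with no usable date at all is flagged as well.
            if reference is None or now - reference >= MAX_UNUSED:
                findings.append((row["user"], name))
    return findings


if __name__ == "__main__":
    print(stale_credentials(SAMPLE_REPORT, datetime(2024, 6, 1, tzinfo=timezone.utc)))
```

Passing the evaluation time explicitly keeps the result reproducible; in a scheduled audit it would be the current UTC time.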

Impact

Leaving unused credentials active widens the scope for compromise.