When would you use the "password never expires" option?

I'm simply wondering when you should set a user account so that the password never expires. On what accounts is this a good idea?


Solution 1:

The one place I can see it being justified is on service accounts. Typically you don't want a service account password to simply expire which could cause all the processes that account runs to fail. Interactive user accounts should always have passwords follow the password policy.

You have to make sure if you do set service accounts to not expire that you have good processes around querying these accounts and making sure you manually reset the passwords at some interval. There are compliance standards in a lot of industries that will mandate all account passwords get changed at some specific interval.

Solution 2:

Automated scripts may use it (I've run into issues on systems where scheduled tasks where failing silently because the owner's password had expired). Obviously this was for non-internet facing services.

Solution 3:

Service/utility accounts.