Company policy requires employees to change their passwords every 60 days. The security manager has
verified all systems are configured to expire passwords after 60 days. Despite the policy and technical
configuration, weekly password audits suggest that some employees have had the same weak passwords in
place longer than 60 days. Which of the following password parameters is MOST likely misconfigured?