Consider the value of data in the database and the likelihood of a security breach, when you determine a suitable password lifetime for your system. The United States Department of Defense recommends a maximum password lifetime of no more than one year. Administrators commonly set this parameter at 3 to 6 months (90 to 180 days).
To set a temporary password, you must assign a non-zero value to ExpirePassword.