• Microsoft has an outstanding recommendation for the maximum password age: make it a multiple of seven. The reasoning behind this is simple: your password will never expire on a weekend. Rather than choosing 60 days, choose 56 or 63.

    One commonly missed justification for a maximum password age is that it limits the usefulness of a compromised username and password. Determining whether a username and password have been compromised is usually difficult. After all, a person who has a username and password that they should not have is not going to intentionally do anything that would indicate that the password has been compromised.