You can impose password aging restrictions to ensure that user passwords do not stay active for long periods.

ESX imposes the following password aging restrictions for user logins by default.

Maximum days

The number of days that a user can keep a password. By default, passwords are set to never expire.

Minimum days

The minimum number of days between password changes. The default is 0, meaning that the users can change their passwords any time.

Warning time

The number of days in advance of password expiration that a reminder is sent. The default is seven days. Warnings are only displayed when logging directly in to the service console or when using SSH.

You can tighten or loosen any of these settings. You can also override the default password aging settings for an individual user or group.