Very few (if any) accounts should have passwords that never expire. A non-expiring password allows attackers the greatest opportunity to maintain access indefinitely if they are undetected by other means. If an account requires a static password make sure it is extremely long, complex and random to help protect from brute-force attacks.
From the list on the left, find “No. of users with passwords that never expire,” click on it to highlight the selection, and click the “>” arrow to move it to the selection field (Optional: select the color of the chart using the drop-down menu).
When enforcement of a regular password change policy starts this graph should have a downward slope from left to right. Once the policy is in place the line should remain at a constant low level. Little if any growth is expected. If there are minor increases, proper documentation should be accompanied the account without a password expiration so it is monitored more closely for abuse, or misuse. Spikes or steady growth indicate a breakdown in following the password expiration policy which should be addressed administratively.