The system must notify the users when their credentials are about to expire.
CWE-263: Password Aging with Long Expiration. Allowing password aging to occur unchecked can result in the possibility of diminished password integrity.
OWASP-ASVS v4.0.1 V2.3 Authenticator Lifecycle Requirements.(2.3.3) Verify that renewal instructions are sent with sufficient time to renew time bound authenticators.