Is there a way to easily implement automatic invalidation of a password after certain amount of time?