What is the purpose of account expiration in access control?

Prepare for the SANS Global Industrial Cyber Security Professional Exam. Test your skills with multiple choice questions featuring hints and explanations. Ensure your success with our comprehensive materials.

The purpose of account expiration in access control is to limit lifetime access to sensitive resources. This mechanism is designed to enhance security by ensuring that user accounts cannot remain active indefinitely. By setting expiration dates on accounts, organizations can effectively manage and review access to critical systems and data, reducing the risk of unauthorized access from users who may no longer need access or whose access rights were granted for a temporary purpose.

When employees leave an organization, project team members conclude their tasks, or access requirements change, expiration policies help ensure that access rights are systematically revoked after a defined period. This proactive approach helps mitigate the security risks associated with abandoned or unmonitored accounts.

While the other options, such as enforcing password changes or revoking privileges due to inactivity, play roles in account management and security posture, they do not specifically address limiting the duration of access, which is what account expiration does. The option that focuses on account lifetime is therefore the one that captures its purpose in access control.
