Deploying Office SharePoint Server 2007 with ISA Server 2006:
In the following link read the paragraph “Password Management”
It is good security policy to require your users to change their passwords on a regular basis. Users who are not in the office on a regular basis need a method to change their passwords when they are not in the office.
When using forms-based authentication, you can inform users that their passwords are going to expire in a specific number of days and you can enable your users to change their passwords so they do not expire. Users will also be able to change an expired password. “