Let admins set an password expiration limit, so that user's are forced to change their passwords after X days (e.g. 90 days). Or at least have a report to that admins can see how long it's been since a user last changed their password, so they can request them to change it.