You are an information system auditor of HDA Inc. You noticed that a database contains few administrative accounts with passwords set to never expire. This is required for uninterrupted business. Which of the following recommendations would BEST address the risks?