If we change the default token policy's maximum lifetime from 90 days to 365 days, what would be the next date for a user when user would have to change the PIN. Will it be 365 - number of days user last changed the PIN or it will be 365 days from the day policy was changed.
Regardless of policy, the date of last pin change is always recorded. So, policies calculate days since last pin change, not considering the date of the policy itself. Set a pin 10 months ago, set 365, your pin needs to change in 2 months. Set a pin last week, policy set to 365, you get 51 weeks before pin change.