Tool #569 Online/Mobile/Text Banking VMS Config > "Online Banking Password and Security Settings" includes a setting labeled Expire stale passwords after xxx days of non-use. This means if a member does not log in within that period of time, they must answer all of their security questions in order to reactivate or change their password, before they can log in. The maximum allowed is 90 days, so a value 6 or 12 months is not currently allowed.
Remember that this process expires the password; it does not put the member into a "force change" state. We do not force a member to change a password if it is still being used. As long as the member can remember the answers to their security questions, they can reset themselves.
We do have a 30-day reminder warning that appears in online banking, which suggests that a member update their password, but at the current time we do not have the ability to force members to change on a specific time interval.