When an Active Directory password is changed, the old password can be used with NTLM authentication for an hour after the change