The API method API_Authenticate does appear to accept an hours parameter which seemingly can take an arbitrary large number (the default value is 12 hours). I tested it with a google of hours (1 followed by 100 zeros) and the response generated no error and assigned a valid ticket. However assigning a large value to hours will actually weaken your security as if anyone gains access to the ticket they could continue to use it for up to 100 years. I think this is true even if the password is changed in another session anytime during the lifetime of the original 100 year ticket. Also, just because an arbitrary large hours parameter is set there may be some other mechanism that limits the ticket lifetime that is not documented. I think it is a bad idea to rely on long ticket lifetimes.