diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md
index 48eeaa508c8..b0b30949fbb 100644
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
@@ -738,9 +738,8 @@ Tools using the Varlink protocol (such as `varlinkctl`) or sd-bus (such as
 
 `systemd-ask-password`:
 
-* `$SYSTEMD_ASK_PASSWORD_KEYRING_TIMEOUT_SEC` - takes a timespan or `default`,
-  which controls the expiration time of keys stored in the kernel keyring by
-  `systemd-ask-password`. If unset or set to `default`, the default expiration
-  of 150 seconds is used. If set to `0`, keys are not cached in the kernel
-  keyring. If set to `infinity`, keys are cached without an expiration time in
-  the kernel keyring.
+* `$SYSTEMD_ASK_PASSWORD_KEYRING_TIMEOUT_SEC` - takes a timespan, which controls
+  the expiration time of keys stored in the kernel keyring by `systemd-ask-password`.
+  If unset, the default expiration of 150 seconds is used. If set to `0`, keys are
+  not cached in the kernel keyring. If set to `infinity`, keys are cached without an
+  expiration time in the kernel keyring.
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index aa45468402b..eba647aaef8 100644
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -123,7 +123,7 @@ static usec_t keyring_cache_timeout(void) {
                 return saved_timeout;
 
         const char *e = secure_getenv("SYSTEMD_ASK_PASSWORD_KEYRING_TIMEOUT_SEC");
-        if (e && !streq(e, "default")) {
+        if (e) {
                 r = parse_sec(e, &saved_timeout);
                 if (r < 0)
                         log_debug_errno(r, "Invalid value in $SYSTEMD_ASK_PASSWORD_KEYRING_TIMEOUT_SEC, ignoring: %s", e);