Ideally, you use a few methods at once.
First, check if the user is tampering with the system clock: whenever the program opens, it checks if the current date and time is earlier than the date and time it was last exited (which you encrypt to at least 1 file). Every few minutes it checks that the system time has gone forward that few minutes. Theoretically, someone could get 30 days' worth of continuous use by reversing the system clock to the last exit, but even if they tried, hopefully one day they would turn the time back a minute too far and get caught, or do it accidentally with the program running.
And then, what about having a kind of encryption technique that's very sensitive to fiddling: for example, have the last date and time exited encrypted by using the position of two '1' bits within each byte. This would require a few bytes per byte encrypted, but it would be sensitive to any changes made to the file to try to cheat the system. If there were not exactly two '1' bits within every byte, then somebody has done something to the file. And, for the password, you could invert the expiry date (make all '1's into '0's and vice versa), but change the method depending on the month to make it even harder to cheat.
And of course, log how many times the program is run, and if it's more than, say, 200, then assume the person has very likely cheated.
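
As an added illustration (not code from the original post), the sketch below combines the clock-rollback check, the two-'1'-bits-per-byte encoding and the run counter described above. The nibble-to-byte table, the record layout and all function names are assumptions of the example; the encoding makes edits to the file detectable but does not by itself hide the values.

```python
import struct
from itertools import combinations

# The 28 byte values with exactly two '1' bits; the first 16 each carry one nibble.
# (This nibble-to-codeword table is an assumption of the example.)
CODEWORDS = [(1 << a) | (1 << b) for a, b in combinations(range(8), 2)][:16]
DECODE = {cw: nib for nib, cw in enumerate(CODEWORDS)}
RECORD = ">QI"  # assumed layout: last-exit Unix time (8 bytes), run count (4 bytes)

class TamperError(Exception):
    """The stored record or the system clock fails a consistency check."""

def encode(data: bytes) -> bytes:
    out = bytearray()
    for byte in data:  # two output bytes per input byte
        out.append(CODEWORDS[byte >> 4])
        out.append(CODEWORDS[byte & 0x0F])
    return bytes(out)

def decode(blob: bytes) -> bytes:
    if len(blob) != 2 * struct.calcsize(RECORD):
        raise TamperError("record has the wrong length")
    nibbles = []
    for pos, cw in enumerate(blob):
        if bin(cw).count("1") != 2:
            raise TamperError(f"byte {pos} does not have exactly two '1' bits")
        if cw not in DECODE:
            raise TamperError(f"byte {pos} is not a codeword the program writes")
        nibbles.append(DECODE[cw])
    return bytes((hi << 4) | lo for hi, lo in zip(nibbles[::2], nibbles[1::2]))

def save_exit(last_exit: int, run_count: int) -> bytes:
    """Build the record written to disk when the program exits."""
    return encode(struct.pack(RECORD, last_exit, run_count))

def check_start(blob: bytes, now: int, max_runs: int = 200) -> int:
    """Validate the record at start-up and return the new run count."""
    last_exit, run_count = struct.unpack(RECORD, decode(blob))
    if now < last_exit:
        raise TamperError("system clock is earlier than the last recorded exit")
    if run_count + 1 > max_runs:
        raise TamperError("run count exceeds the limit")
    return run_count + 1
```

Any single flipped bit changes a byte's count of '1' bits to one or three, so it is always caught by `decode`.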