When you create a new user account and set a password for that account, the “password expires” status is set to never (ex: 0).
Apart from that, the “password inactive” and “account expires” statuses are also set to never, and your last password change will be the current date.
Because of usersβ carelessness in sticking with their same password for years, their accounts might get compromised.
This can be avoided by administrators like you forcing your system users to change their passwords on next login.
Tutorial Details
| Description | Forcing users to change their password |
| Difficulty Level | Low |
| Root or Sudo Privileges | Yes |
| Host System and Architecture | Ubuntu 22.10 (x64) |
| OS Compatibility | Ubuntu, Manjaro, Fedora, etc. |
| Prerequisites | passwd, chage |
| Internet Required | No |
Checking the User’s Current Password Status
Before forcing the user to change their password, we will check their current password status using the two methods as shown.
Using the chage Command
The following command will give the specified user (ex: “linuxtldr“) password information with labels.
$ sudo chage -l linuxtldrOutput:
Using the passwd Command
The following command will give the specified user (ex: “linuxtldr”) password information without labels.
$ sudo passwd -S linuxtldrOutput:
Forcing the User to Change Their Password on the Next Login
There are two ways to force users to update their passwords on their next login:
Using the chage Command
You can use “-d” or “--lastday” flag to specify the last password change to specified days (0 means password not changed).
$ sudo chage -d 0 linuxtldrThe above command will force the “linuxtldr” user to change their password on their next login.
Using the passwd Command
The passwd can also be used with the “-e” or “--expire” flag to expire the specified user’s (ex: “linuxtldr”) account password, immediately asking them to update their password on their next login.
$ sudo passwd -e linuxtldrThe above command will force “linuxtldr” user to change their password on next login.
Checking the User Password Status After Expiring
After you expire the user’s password to force them to update their password, on next login, the password status for the specified user will be changed to “Password must be changed” and the date will be set to “01/01/1970” as shown.
$ chage -l linuxtldr
#OR
$ passwd -S linuxtldrOutput:
When the user logs in to the system next time, he will get the following prompt:
You are required to change your password immediately (administrator enforced).
Changing password for linuxtldr.
Current password: I hope you enjoyed reading this article.
If you have any questions, feel free to ask them in the comment section.
Join The Conversation
Users are always welcome to leave comments about the articles, whether they are questions, comments, constructive criticism, old information, or notices of typos. Please keep in mind that all comments are moderated according to our comment policy.