How to Force User to Change Their Password on Next Login in Linux

When you create a new user account and set a password for that account, the “password expires” status is set to never (ex: 0).

Apart from that, the “password inactive” and “account expires” statuses are also set to never, and your last password change will be the current date.

Because of users’ carelessness in sticking with their same password for years, their accounts might get compromised.

This can be avoided by administrators like you forcing your system users to change their passwords on next login.

Tutorial Details

Description	Forcing users to change their password
Difficulty Level	Low
Root or Sudo Privileges	Yes
Host System and Architecture	Ubuntu 22.10 (x64)
OS Compatibility	Ubuntu, Manjaro, Fedora, etc.
Prerequisites	passwd, chage
Internet Required	No
Discussed Tools in this Article

Checking the User’s Current Password Status

Before forcing the user to change their password, we will check their current password status using the two methods as shown.

Using the chage Command

The following command will give the specified user (ex: linuxtldr) password information with labels.

$ sudo chage -l linuxtldr
Last password change				                      	                : Nov 24, 2022
Password expires					                                        : never
Password inactive					                                        : never
Account expires						                                : never
Minimum number of days between password change		: 0
Maximum number of days between password change		: 99999
Number of days of warning before password expires	       : 7

Using the passwd Command

The following command will give the specified user (ex: linuxtldr) password information without labels.

$ sudo passwd -S linuxtldr
linuxtldr P 11/24/2022 0 99999 7 -1

Forcing the User to Change Their Password on the Next Login

There are two ways to force users to update their passwords on their next login:

Using the chage Command

You can use “-d” or “--lastday” flag to specify the last password change to specified days (0 means password not changed).

$ sudo chage -d 0 linuxtldr

The above command will force the “linuxtldr” user to change their password on their next login.

Using the passwd Command

The passwd can also be used with the “-e” or “--expire” flag to expire the specified user’s (ex: linuxtldr) account password, immediately asking them to update their password on their next login.

$ sudo passwd -e linuxtldr
passwd: password expiry information changed.

The above command will force “linuxtldr” user to change their password on next login.

Checking the User Password Status After Expiring

After you expire the user’s password to force them to update their password, on next login, the password status for the specified user will be changed to “Password must be changed” and the date will be set to “01/01/1970” as shown.

$ sudo chage -l linuxtldr
Last password change					                                : password must be changed
Password expires					                                        : password must be changed
Password inactive					                                        : password must be changed
Account expires					                                 	: never
Minimum number of days between password change		: 0
Maximum number of days between password change		: 99999
Number of days of warning before password expires	        : 7

OR

$ sudo passwd -S linuxtldr
linuxtldr P 01/01/1970 0 99999 7 -1

When the user logs in to the system next time, he will get the following prompt:

You are required to change your password immediately (administrator enforced).
Changing password for linuxtldr.
Current password: 

I hope you enjoyed reading this article.

If you have any questions, feel free to ask them in the comment section.