How to Force User to Change Their Password on Next Login in Linux

Linux TLDR
Last Updated:
Reading time: 2 minutes

When you create a new user account and set a password for that account, the “password expires” status is set to never (ex: 0).

Apart from that, the “password inactive” and “account expires” statuses are also set to never, and your last password change will be the current date.

Because of users’ carelessness in sticking with their same password for years, their accounts might get compromised.

This can be avoided by administrators like you forcing your system users to change their passwords on next login.

Tutorial Details

DescriptionForcing users to change their password
Difficulty LevelLow
Root or Sudo PrivilegesYes
OS CompatibilityUbuntu, Manjaro, Fedora, etc.
Prerequisitespasswd, chage
Internet RequiredNo

Checking the User’s Current Password Status

Before forcing the user to change their password, we will check their current password status using the two methods as shown.

Using the chage Command

The following command will give the specified user (ex: “linuxtldr“) password information with labels.

$ sudo chage -l linuxtldr

Output:

Checking the user password information with labels

Using the passwd Command

The following command will give the specified user (ex: “linuxtldr”) password information without labels.

$ sudo passwd -S linuxtldr

Output:

Checking the user password information without labels

Forcing the User to Change Their Password on the Next Login

There are two ways to force users to update their passwords on their next login:

Using the chage Command

You can use “-d” or “--lastday” flag to specify the last password change to specified days (0 means password not changed).

$ sudo chage -d 0 linuxtldr

The above command will force the “linuxtldr” user to change their password on their next login.

Forcing to user to change thier password on next login

Using the passwd Command

The passwd can also be used with the “-e” or “--expire” flag to expire the specified user’s (ex: “linuxtldr”) account password, immediately asking them to update their password on their next login.

$ sudo passwd -e linuxtldr

The above command will force “linuxtldr” user to change their password on next login.

Immediately forcing user to update their password

Checking the User Password Status After Expiring

After you expire the user’s password to force them to update their password, on next login, the password status for the specified user will be changed to “Password must be changed” and the date will be set to “01/01/1970” as shown.

$ chage -l linuxtldr

#OR

$ passwd -S linuxtldr

Output:

Checking the user password status information

When the user logs in to the system next time, he will get the following prompt:

You are required to change your password immediately (administrator enforced).
Changing password for linuxtldr.
Current password: 

I hope you enjoyed reading this article.

If you have any questions, feel free to ask them in the comment section.

Join The Conversation

Users are always welcome to leave comments about the articles, whether they are questions, comments, constructive criticism, old information, or notices of typos. Please keep in mind that all comments are moderated according to our comment policy.