How to Force User to Change Password at Next Login in Linux

In our last article, we’ve explained you how to change user password expiry information in Linux, where we looked at different examples of the chage command. In this article, we will elaborate on how to forcefully make a user to change his/her password at the next login in Linux.

Read Also: 3 Ways to Change a Users Default Shell in Linux

Note that if you have just created a user account with a default password, you can also use this trick to force that user to change their password upon the first login.

There are two possible ways to achieve this, as described in detail, below.

Using passwd Command


To force a user to change his/her password, first of all the password must have expired and to cause a user’s password to expire, you can use the passwd command, which is used to change a user’s password by specifying the -e or --expire switch along with username as shown.

# passwd --expire ravi

Next verify the user ravi’s password expiration and aging information with the chage command as shown.

# chage -l ravi
Check User Password Expiration Information

Check User Password Expiration Information

After running the passwd command above, you can see from the output of the chage command that the user’s password must be changed. Once the user ravi tries to login next time, he will be prompted to change his password before he can access a shell as shown in the following screen shot.

User Forced to Change Password

User Forced to Change Password

Using chage Command

Alternatively, you can use the chage command, with the -d or --lastday option which sets the number of days since January 1st, 1970 when the password was last changed.

Now to set the password expiry of user, run the following command by specifying the day to zero (0), means that the password has not been changed since the above date (i.e. January 1st, 1970), so the password has literally expired and needs to be changed immediately before the user can access the system again.

# chage --lastday 0 ravi
OR
# chage --lastday 1970-01-01 ravi

Next check the user ravi’s password expiration and aging information with the chage command using -l option as shown.

# chage -l ravi
Check Password Expiration Information

Check Password Expiration Information

Here are some additional user management guides for you.

  1. 11 Ways to Find User Account Info and Login Details in Linux
  2. How to Delete User Accounts with Home Directory in Linux
Conclusion

It is always recommended to remind users to change their account passwords regularly for security reasons. In this article, we have explained two ways to force users to change their password in the next login. You can ask any questions via the comment form below.