How to Force Users to Change Their Passwords

Protect the security of your Linux system by forcing each authorized user to choose a strong password and to change it periodically.

User Password Expiry Information

To display a user's password expiry information run the following command:

chage -l login

The returned information reveals:

Force a user to change his or her password after a set number of days by using the following command:

sudo chage -M 90 login

Use sudo to elevate your permissions to run this command or switch to a user who has the appropriate permissions using the su command.

You can, of course, specify the number of days that suits your own security policy.

Set the expiry date for accounts as follows:

sudo chage -E 2020-08-31 login

If you run the chage -l command now, you'll see that the account will indeed expire on the 31st August 2020.

After an account is expired an administrator can clear the expiration date by running the following command:

sudo chage -E -1 login

Set the number of days after a password expires when an account becomes locked.

To set the number of inactive days run the following command:

sudo chage -I 5 login

The above command will give the user five days to access his account and change the password before the account becomes locked.

An administrator can clear the lock by running the following command:

sudo chage -I -1 login

Warn a user every time he or she logs in that the account's password is going to expire.

To expire the account in the next seven days, run the following command:

sudo chage -W 7 login

To prevent users from changing their password too often, set a minimum number of days before the password can be changed with the following command:

sudo chage -m 5 dave

It is up to you whether you enforce this option. Most people are lethargic when changing passwords as opposed to being obsessed with it.

Remove the limit by specifying the following command:

sudo chage -m 0 dave