How to Force User to Change Password at Next Login in Linux?

For security purposes, system administrators often need to force users to change their passwords at the next login. Linux provides several commands to manage password expiration and enforce password changes. This article demonstrates how to force a user to update their password on next login.

List System Users

First, let's view all users available in the system ?

cut -d: -f1 /etc/passwd

The output shows all system users ?

mail
news
uucp
proxy
www-data
backup
list
...
ubuntu
uname1

Check Current Password Settings

Before making changes, examine the current password configuration for a specific user using the chage command ?

sudo chage -l uname1

This displays the current password policy settings ?

Last password change: Dec 30, 2019
Password expires: never
Password inactive: never
Account expires: never
Minimum number of days between password change: 0
Maximum number of days between password change: 99999
Number of days of warning before password expires: 7

Force Password Change Using passwd Command

Use the --expire option with passwd to immediately expire the user's password, forcing them to change it at next login ?

sudo passwd --expire uname1

passwd: password expiry information changed.

Verify the changes by checking the password settings again ?

sudo chage -l uname1

Last password change: password must be changed
Password expires: password must be changed
Password inactive: password must be changed
Account expires: never
Minimum number of days between password change: 0
Maximum number of days between password change: 99999
Number of days of warning before password expires: 7

Alternative Method Using chage Command

You can also use the chage command directly to set the last password change date to epoch (January 1, 1970) ?

sudo chage -d 0 uname1

This achieves the same result as passwd --expire and forces immediate password change.

What Happens at Next Login

When the user attempts to login next time, they will see a message similar to:

WARNING: Your password has expired.
You must change your password now and login again!
Changing password for uname1.
Current password:

The user must enter their current password and then create a new password following system password policies.

Conclusion

Use sudo passwd --expire username or sudo chage -d 0 username to force users to change passwords at next login. This is essential for maintaining system security and ensuring users update their credentials regularly.