Like Windows systems, Linux and Ubuntu users can be forced to change their password at next logon. This allows a user to logon with current password and immediately be prompted to change it.
Once you have created a new user on your Linux system, you may need to prompt them to change the password at the next login to comply with the password policy.
This ensures that they set a different password – and a strong one for that matter- to thwart any brute-force attempts by malicious users or hackers. This ensures the safety of the user's account.
Here at LinuxAPT, as part of our Server Management Services, we regularly help our Customers to perform related Server management queries on Ubuntu Linux Systems.
In this context, we shall look into how to compel a user to change the password at the next login on any Linux distribution.
The passwd command is mostly used to assign or change a user’s password on a Linux system.
For instance, to reset the password of a user called linuxapt, simply execute the command below as root user:
# passwd linuxapt
You will be prompted to provide a new password for the user account and later confirm it.
Aside from setting or changing a user's password, the passwd command can also be used to compel the user to change the password once they attempt to log in the next time.
This is possible using the syntax provided.
# passwd -e [username]
The -e option (also expressed as –expire) simply expires the user account's password and forces the user to change the password on the next logon.
For example, to retire linuxapt's password simply run the command
# passwd -e linuxapt
OR
# passwd -- expire linuxapt
Thereafter, you can verify the password expiry or aging information by running the chage command as shown.
# chage -l linuxapt
From the output, we can clearly observe that the password for user linuxapt needs to be changed on next logon.
On the next login attempt, the user linuxapt will get a notification that their password has expired and should be changed before proceeding.
The user will be required to first provide the previously used password, then enter the new password and then confirm it.
Basically, the chage command gives insights about the user's aging information.
You can also use the command to expire a user's password and force them to change it on next logon.
You can achieve this using the -d option followed by 0 which implies day zeo.
Also, you can use the –lastday flag that specifies the number of days since the epoch ( January 1, 1970).
The syntaxes are provided below:
# chage -d 0 [username]
OR
# chage --lastday 1970-01-01 [username]
For example, you can expire a user called linuxapt as shown:
# chage -d 0 linuxapt
Here, When user linuxapt tries to log in the next time, he will be required to change his password in the same manner.
This article covers how to force a user to change their password in any Linux Distribution.
If we create a user account with the default password, we can use this trick to force the user to change their account's default password when they first login to their account.
This will hopefully improve the security of their account.
We can achieve this in two ways.
1. Using passwd command
2. Using chage command