Quick, safe ways to require users to change their password the next time they log in. 21.01.2026 | reading time: 3 min Why force a password reset at logon? Maybe a credential leaked, an employee left, or a policy demands rotation; forcing a change at next login is a simple, immediate remediation every admin should master. Hands-on example Try this on a test system to see the effect: ```bash # create a test user and set a password non-interactively sudo useradd -m testuser echo "testuser:Passw0rd!" | sudo chpasswd # force password change at next login with chage sudo chage -d 0 testuser # verify the password aging info sudo chage -l testuser ``` Expected condensed output from `chage -l testuser` looks like: ```text Last password change : Jan 01, 1970 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7 ``` When the user logs in they will see a prompt requiring a password change and then the usual password-change dialogue where a new password is entered. Other approaches and caveats Two common alternatives are `passwd -e username` (expire) and editing shadow fields with `chage -d 0`; both mark the account so PAM forces a change, but they do not affect key-based SSH logins or service accounts that do not authenticate with a password; be careful not to expire system accounts and remember root can override the requirement. Automation and scale For dozens or thousands of users script the action with a loop, use `chage` in a configuration management tool, or drive it from an identity system; when automating include checks to skip non-password accounts and add logging so you can audit who was forced to reset. Security connections For centralized authentication (LDAP, Active Directory via winbind or SSSD) the change is usually managed on the directory side; forcing a local shadow change only works for local accounts, so align the method with your auth architecture. Wrap-up and next steps Forcing a password reset is a small command with big impact; practice on test accounts, document your process, and add it to incident playbooks so you can react quickly when credentials are at risk — then deepen your skills with formal training like CompTIA Linux+ or LPIC-1 and consider intensive exam preparation at bitsandbytes.academy. Join Bits & Bytes Academy First class LINUX exam preparation. security utilities setup scripting troubleshooting
