Drupal is a registered trademark of Dries Buytaert
Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). Commerce Core 3.3.8 Minor update available for module commerce (3.3.8). Search API HTML Element Filter 1.0.7 Minor update available for module search_api_html_element_filter (1.0.7). Layout Builder Reorder 2.0.1 Minor update available for module layout_builder_reorder (2.0.1). Ban 1.1.0 Minor update available for module ban (1.1.0). Field Formatter Range 2.0.0 Major update available for module field_formatter_range (2.0.0). Field Formatter Range 8.x-1.8 Minor update available for module field_formatter_range (8.x-1.8). UI Patterns (SDC in Drupal UI) 2.0.18 Minor update available for module ui_patterns (2.0.18). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Provus Mega Menu Module provus_mega_menu crossed 1,000 active installs.

Force Password Change

2,538 sites Security covered
View on drupal.org

This module allows administrators to force users to change their password upon their next login or page load. It can be applied to specific roles, individual users, or all newly created users, and also supports setting password expiration periods.

Concept

This module allows administrators to force users, by role, individual user, or newly created user, to change their password on their next page load or login, and/or expire their passwords after a period of time.

Features

  • Ability to force all users in a role to change their password
  • Ability to force individual users to reset their password from their profile edit page (user/[UID]/edit)
  • Ability to set an expiry on passwords so that if users haven't changed their password within that time period, they will be required to do so
  • Ability to force all new users to change their password on first-time login (site-wide setting for all new users)
  • Ability for admins to force individual users to change their password on first time login when creating a new user. (Note: If the global setting forcing all new users to reset their password is enabled on the module settings page, this checkbox will not appear as it is redundant)
  • Listing of stats on the user edit page (user/[UID]/edit) showing:
    • Whether the user has a pending forced password change
    • When the user last had their password forced to be changed
    • When the user last changed their password
  • Status page for each role showing:
    • Password change details by user
    • The last time at which the role was forced to change the password
    • A form to force the password change for all users in that role

If your site becomes inaccessible

If your site becomes unusable or inaccessible for some reason, you can temporarily disable the module functionality using the following methods:

Edit settigs.php and add the following line:

D10+

$config['force_password_change.settings']['enabled'] = FALSE;

Fix whatever problems you have then remove the line to re-enable the module functionality.

Alternate Modules

The Password Reset Landing Page module forces users to use a new password when using the password recovery page. This module is complimentary to the Force Password Change module.

The Password Policy module comes bundled with the 'Password change tab' module that also provides the ability to force a password change for users. You may want to try out both modules to see which one better suits your needs.

Activity

Total releases
1
First release
Jul 2025
Latest release
1 year ago
Releases (12 mo)
0 ▼ from 1
Maintenance
Dormant

Releases

Version Type Release date
2.0.2 Stable Jul 9, 2025