Is it possible to have users have to change their passwords every 90 days but not block them, just make them change the password on next use of the site?

If so how?

Comments

AohRveTPV’s picture

AohRveTPV CreditAttribution: AohRveTPV commented
Status: Active » Fixed

You probably found this by now, but to others who may have the same question:

There is a setting to do this at admin/config/people/password_policy under "Blocking expired accounts":

The user with expired account is not blocked, but sent to a change password page. If the password is not changed, the account is blocked and the user cannot login again.

AohRveTPV’s picture

AohRveTPV CreditAttribution: AohRveTPV commented

Note that the text of that option is currently incorrect (which is what might have prompted the question). The second sentence is wrong and should be ignored. The user is not blocked if they do not change their password at next login. See #2093437: Should (password_policy_block == 1) block user accounts?.

rooby’s picture

rooby CreditAttribution: rooby commented

Thanks, I did find that before.

It seems I had a bad run of not coming back to my issues with more info.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.