Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Is it possible to have users have to change their passwords every 90 days but not block them, just make them change the password on next use of the site?
If so how?
Comments
Comment #1
AohRveTPV CreditAttribution: AohRveTPV commentedYou probably found this by now, but to others who may have the same question:
There is a setting to do this at admin/config/people/password_policy under "Blocking expired accounts":
Comment #2
AohRveTPV CreditAttribution: AohRveTPV commentedNote that the text of that option is currently incorrect (which is what might have prompted the question). The second sentence is wrong and should be ignored. The user is not blocked if they do not change their password at next login. See #2093437: Should (password_policy_block == 1) block user accounts?.
Comment #3
rooby CreditAttribution: rooby commentedThanks, I did find that before.
It seems I had a bad run of not coming back to my issues with more info.