• Skip to main content
  • Skip to primary sidebar

Technipages

Tutorials and fixes for smartphone, gadget, and computer problems

  • Topics
    • Android
    • Gaming
    • Hardware
    • Internet
    • iOS
    • MacOS
    • Office
    • Software
    • Windows
    • Definitions
  • Product Reviews
  • Downloads
  • About Technipages
Linux: How to Configure the Default Password Aging Settings for New Accounts

Linux: How to Configure the Default Password Aging Settings for New Accounts

By Mel Hawthorne Leave a Comment

If you’re managing a Linux system, one of the tasks you may have to do is manage the settings passwords for user accounts. As part of this process, you will likely need to manage the settings for both existing and new accounts.

Managing the password settings for existing accounts is done through the “passwd” command, although there are other alternatives. You can set default settings for accounts that will be created in the future, however, saving you from manually changing defaults for each new account.

The settings are configured in the config file “/etc/login.defs”. As the file is located in the “/etc” directory, it will require root permissions to edit. To avoid any issues where you make changes then can’t save them because you don’t have permissions, make sure that you launch your preferred text editor with sudo.

The section you want is near the middle of the file and is titled “Password aging controls”. In it are three settings, “PASS_MAX_DAYS”, “PASS_MIN_DAYS”, and “PASS_WARN_AGE”. Respectively these are used to set how many days a password can be valid for before needing to be reset, how soon after one password change another can be made, and how many days warning a user gets before their password is expired.

The default values for password aging controls can be found and configured in the file “/etc/login.defs”.

“PASS_MAX_DAYS” defaults to 99999 which is used to indicate that passwords should not automatically expire. “PASS_MIN_DAYS” defaults to 0 which means that users can change their password as often as they like.

Tip: A minimum limit on password age is normally combined with a password history mechanism in order to prevent users from changing their password and then immediately changing it back to what it used to be.

“PASS_WARN_AGE” defaults to seven days. This value is only used if a user’s password is actually configured to expire.

How to configure the default password aging settings for new accounts

If you want to configure these values so that passwords are automatically expired every 90 days, a minimum age of one day is applied, and users are warned 14 days before they expire you should set the values “90”, “1”, and “14” respectively. Once you’ve made the changes you want, save the file. Any new accounts that are created after you update the file will have the settings you configured applied to it by default.

Values “90”, “1”, and “14” respectively, configure passwords to automatically expire every 90 days, be changed at most once per day, and provide users warnings that their password needs to be changed fourteen days before it expires.

Note: Unless mandated by policies, you should avoid configuring passwords to automatically expire over time. The NCSC, NIST, and the wider cybersecurity community now recommend that passwords are only expired when there is reasonable suspicion that they have been compromised. This is due to research that has shown that regular mandatory password resets actively push users towards choosing weaker and more formulaic passwords that are easier to guess. When users are not forced to regularly make and remember a new password, they’re better at creating longer, more complex, and generally stronger passwords.

You Might Also Like

  • Linux Mint: How to Configure Default Applications
    Linux Mint: How to Configure Default Applications
  • Linux Mint: How To Sign Into Your Online Accounts
    Linux Mint: How To Sign Into Your Online Accounts
  • Linux Mint: How to Configure Workspaces
    Linux Mint: How to Configure Workspaces
  • Linux Mint: How to Configure How Alt-Tab Works
    Linux Mint: How to Configure How Alt-Tab Works
  • Linux Mint: How to Configure Your Output Resolution
    Linux Mint: How to Configure Your Output Resolution
  • Linux Mint: How to Configure the Bottom Panel
    Linux Mint: How to Configure the Bottom Panel
  • Linux Mint: How to Configure the Login Window
    Linux Mint: How to Configure the Login Window
  • Linux Mint: How to Configure a Background Slideshow
    Linux Mint: How to Configure a Background Slideshow
  • Linux Mint: How to Configure the Menu Applet
    Linux Mint: How to Configure the Menu Applet

Filed Under: Software

Reader Interactions

Did this help? Let us know!

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

Recent Posts

  • Windows 11: How to Add Clocks with Different Time Zones
  • Google Assistant: How to Never Miss a Birthday
  • Windows 11: How to Disable Notifications and Ads
  • How to Use Oculus Quest 2 Air Link
  • How to Create an Avatar in the Oculus Quest 2
  • 5 Free and Fun Math Apps for Kids
  • Windows 11: How to Discover What Graphics Card You’re Using
  • How to Change Display Resolution on Windows 10 and 11

Who’s Behind Technipages?

Baby and Daddy My name is Mitch Bartlett. I've been working in technology for over 20 years in a wide range of tech jobs from Tech Support to Software Testing. I started this site as a technical guide for myself and it has grown into what I hope is a useful reference for all.

You May Also Like

  • Linux
  • One-Time Password

© Copyright 2022 Technipages · All Rights Reserved · Privacy