• Skip to main content
  • Skip to primary sidebar

Technipages

Tutorials and fixes for smartphone, gadget, and computer problems

  • Topics
    • Android
    • Browsers
    • Gaming
    • Hardware
    • Internet
    • iPhone
    • Linux
    • macOS
    • Office
    • Reviews
    • Software
    • Windows
    • Definitions
  • Product Reviews
  • Downloads
  • About
Linux: How to Configure the Default Password Aging Settings for New Accounts

Linux: How to Configure the Default Password Aging Settings for New Accounts

November 27, 2020 by Mel Hawthorne Leave a Comment

If you’re managing a Linux system, one of the tasks you may have to do is manage the settings passwords for user accounts. As part of this process, you will likely need to manage the settings for both existing and new accounts.

Managing the password settings for existing accounts is done through the “passwd” command, although there are other alternatives. You can set default settings for accounts that will be created in the future, however, saving you from manually changing defaults for each new account.

The settings are configured in the config file “/etc/login.defs”. As the file is located in the “/etc” directory, it will require root permissions to edit. To avoid any issues where you make changes then can’t save them because you don’t have permissions, make sure that you launch your preferred text editor with sudo.

The section you want is near the middle of the file and is titled “Password aging controls”. In it are three settings, “PASS_MAX_DAYS”, “PASS_MIN_DAYS”, and “PASS_WARN_AGE”. Respectively these are used to set how many days a password can be valid for before needing to be reset, how soon after one password change another can be made, and how many days warning a user gets before their password is expired.

The default values for password aging controls can be found and configured in the file “/etc/login.defs”.

“PASS_MAX_DAYS” defaults to 99999 which is used to indicate that passwords should not automatically expire. “PASS_MIN_DAYS” defaults to 0 which means that users can change their password as often as they like.

Tip: A minimum limit on password age is normally combined with a password history mechanism in order to prevent users from changing their password and then immediately changing it back to what it used to be.

“PASS_WARN_AGE” defaults to seven days. This value is only used if a user’s password is actually configured to expire.

How to configure the default password aging settings for new accounts

If you want to configure these values so that passwords are automatically expired every 90 days, a minimum age of one day is applied, and users are warned 14 days before they expire you should set the values “90”, “1”, and “14” respectively. Once you’ve made the changes you want, save the file. Any new accounts that are created after you update the file will have the settings you configured applied to it by default.

Values “90”, “1”, and “14” respectively, configure passwords to automatically expire every 90 days, be changed at most once per day, and provide users warnings that their password needs to be changed fourteen days before it expires.

Note: Unless mandated by policies, you should avoid configuring passwords to automatically expire over time. The NCSC, NIST, and the wider cybersecurity community now recommend that passwords are only expired when there is reasonable suspicion that they have been compromised. This is due to research that has shown that regular mandatory password resets actively push users towards choosing weaker and more formulaic passwords that are easier to guess. When users are not forced to regularly make and remember a new password, they’re better at creating longer, more complex, and generally stronger passwords.

You Might Also Like

  • Linux Mint: How to Configure Default Applications
    Linux Mint: How to Configure Default Applications
  • Linux Mint: How To Sign Into Your Online Accounts
    Linux Mint: How To Sign Into Your Online Accounts
  • Linux Mint: How to Configure Workspaces
    Linux Mint: How to Configure Workspaces
  • Linux Mint: How to Configure How Alt-Tab Works
    Linux Mint: How to Configure How Alt-Tab Works
  • Linux Mint: How to Configure Your Output Resolution
    Linux Mint: How to Configure Your Output Resolution
  • Linux Mint: How to Configure the Bottom Panel
    Linux Mint: How to Configure the Bottom Panel

Filed Under: Software

Reader Interactions

Did this help? Let us know!

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

Recent Posts

  • Microsoft Edge Collections: What It is and How to Use It
  • YouTube Premium: How to Disable/Enable Background Playback
  • How to Update Apps on iPad (iPadOS 16.3.1)
  • How to Fix Outlook Rules Are Not Supported for This Account
  • How to Stop Windows 11 Updates
  • How to Change the Themes on Windows 11
  • How to Use Goal Seek in Excel (With Real-Life Examples)
  • How to Use MiniTool MovieMaker for Stellar Video Editing

Who’s Behind Technipages?

Baby and Daddy My name is Mitch Bartlett. I've been working in technology for over 20 years in a wide range of tech jobs from Tech Support to Software Testing. I started this site as a technical guide for myself and it has grown into what I hope is a useful reference for all.

You May Also Like

  • Linux
  • One-Time Password

© Copyright 2023 Guiding Tech Media · All Rights Reserved · Privacy