Strategy to force user change his password upon 1st login

How would handle a strategy to force a user to change his password upon 1st login ?

I will import thousands of users with some one-time-password.
I want to force them to change their password upon their 1st login.
This users do not have access to the email (which is a username).

Anyone insights please ?

The backend user has a policy setting for this already.

Do you mean backend or frontend user?

sorry, frontend users

Hey @chris

Similar to the backend, you could add password_expires_at and then set this to a date in the future. Then during the login, check the date and show a screen to change the password. This could be a CMS component on the layout that prevents every page from displaying until the password_expires_at is a time in the future again.

I hope this helps!

thanks @daft that’s a good idea.
I didnt think about a global cms component at the layout level to do the expiry date checkin.
I started to elaborate with an account proxy page that will follow immediately after a login.
But it does not account for all the other page indeed.