More results...

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Search in posts
Search in pages
docs
betterdocs_faq

New users must change password at first login

Updated on July 8, 2026

6 min to read

 

Overview

This article explains the “New users must change password at first login” setting, found under Main Settings > General Settings > Security Settings > Basic Settings. This setting controls whether a newly created Online Account is required to have its password changed the very first time the new user logs in to the Portal. It is a Yes/No option and is turned off (No) by default.

 

What This Setting Does

When this setting is turned on, every new Online Account created for a Student, Teacher (Educator), Parent, or Staff member is automatically marked with a “change password on next login” flag at the moment the account is created.

The first time that new user successfully logs in to the Portal, and only after accepting the Terms and Conditions, Classter shows a Change Password window and asks the user to set a new password before continuing to use the Portal.

The user is allowed to close or cancel this window and continue without changing the password for that session. The request does not go away, however: Classter keeps showing the Change Password window at every login until the user actually sets a new password.

 

Figure 1: The Change Password window shown to a new user the first time they log in, when this setting is enabled.

 

Once the user completes the password change, the requirement is cleared and the window does not appear again for that account, unless it is triggered again later by a separate action (for example, an administrator resetting the password).

When this setting is turned off, this window is not shown at all and new users can log in and use the Portal right away with their initial password.

 

Where It Is Used

This setting is located at Main Settings > General Settings > Security Settings > Basic Settings.

It takes effect at the moment an administrator or office staff member creates a new Online Account for a Student, Parent, Teacher (Educator), or Staff member, for example through the Online Accounts screen. The setting is not applied retroactively: accounts that already existed before the setting was turned on are not affected by a later change to this setting.

The resulting prompt, the Change Password window, appears on the Portal right after a successful login, on the user Home/Dashboard page, following the Terms and Conditions confirmation step.

 

Business Logic / Behavior

Based on the setting description and its place among the other Security Settings, the following business rules apply:

  • The requirement is set once, at account creation. It is not re-applied automatically to accounts that already existed before the setting was enabled.
  • The Change Password window can be dismissed (cancelled) by the user, but it reappears at every subsequent login until a new password is actually set.
  • The requirement applies to the user own primary account. Secondary or linked accounts, such as an additional login connected to another primary account, are not affected by this prompt.
  • The password the user chooses in response to this prompt must still follow whatever password complexity rules are configured for the institute (see “Password Strength” in the Notes section below).
  • This setting only controls the very first login after account creation. Ongoing, periodic password renewal (for example, requiring a new password every 90 days) is handled by a separate setting, “Password Expiration Policy” (see below).

 

Example(s)

Example 1: New Student account

Alpha Institute has this setting turned on. The registrar office creates a new Online Account for a student, Maria P., and Classter generates a temporary first password for her. The next morning, Maria opens the Student Portal and logs in for the first time using that temporary password. After confirming the institute Terms and Conditions, she immediately sees a window asking her to choose a new password before continuing. She sets a new password that meets the institute password rules, and from then on she logs in normally without seeing that window again.

Example 2: New Teacher account, prompt dismissed

Beta College also has this setting turned on. The HR office creates an Online Account for a new teacher, George S. When George first logs in to the Portal, he sees the Change Password window but is in a hurry, so he closes it without changing his password. He is still able to use the Portal for that session. The next day, when George logs in again, Classter shows the Change Password window again. This repeats at every login until George finally sets his own new password, after which the window stops appearing.

 

When to Use

 

When to Enable

  • The institute wants to make sure temporary passwords generated automatically for new accounts (or based on a phone number, if that option is used) are not left unchanged after the account is first used.
  • The institute has a security or compliance policy requiring every new account to start with a password that only the account owner knows.
  • A large number of new accounts are created at once, for example at the start of a new academic year or an admission period, and the institute wants a consistent, automatic way to prompt all of them to personalize their password.

When to Disable

  • The institute prefers a simpler first-login experience with no extra prompt.
  • New accounts log in through an external sign-in method, such as a school Microsoft or Google account, where password management is handled outside Classter.
  • The first password given to new users is already personally chosen or securely communicated in a way that does not require an additional forced change.

 

Notes

Higher Education vs K-12 Mode: This setting behaves the same way whether the institute is running in K-12 mode or in Higher Education mode (controlled by the “Use College Customization” setting). Higher Education mode changes academic terminology and structures elsewhere in Classter, but it does not change how this password setting works.

Prerequisites: Before enabling this setting, it is recommended to first decide how the initial, temporary password for new accounts will be generated (see “Use User Mobile/Phone Number as First Time Password” below) and to review the password complexity rules configured for the institute (see “Password Strength” below), so that new users are able to successfully set a password that Classter accepts.

Related Settings:

  • “Password Expiration Policy” (Main Settings > General Settings > Security Settings > Basic Settings Tab – PasswordExpirationPolicy): forces a password change after a set number of days have passed since the last change, for all users, not only new ones.
  • “Password Strength” (Main Settings > General Settings > Security Settings > Basic Settings Tab – PasswordStrengthPolicy): defines the complexity rules a new password must meet.
  • “Use User Mobile/Phone Number as First Time Password” (Main Settings > General Settings > Security Settings > Basic Settings Tab – UseUserMobilePhoneNumberAsFirstTimePassword): controls how the first, temporary password for a new account is generated.
  • “Show First Password to Staff” (Main Settings > General Settings > Security Settings > Basic Settings Tab – ShowFirstPasswordtoStaff): controls whether office staff can view the generated first password in order to share it with the new user.

 

 

Was this article helpful?