Overview
This article explains the “Password Expiration Policy” setting, found under Main Settings > General Settings > Security Settings > Basic Settings. This setting controls whether Classter automatically requires users to change their password after a set number of days have passed since they last changed it. It is measured in days and is set to zero (never expire) by default.
What This Setting Does
This setting defines how many days a password stays valid before Classter requires the account holder to set a new one. It applies to every type of Online Account in the institute, including Student (Learner), Teacher (Educator), Parent, and Staff accounts.
The countdown is based on the date the password was last changed (or first set, when the account was created), not on the date the account itself was created. Every time a user changes their password, whether voluntarily or because it was required, the countdown starts again from that day.
If the value is left at zero, the default, passwords never expire automatically and users are never forced to change their password purely because of its age. Setting any number greater than zero, for example 90, activates the automatic expiration countdown for every account in the institute.
Where It Is Used
This setting is located at Main Settings > General Settings > Security Settings > Basic Settings.
It takes effect the moment a user logs in, either through the web Portal or the mobile app. If the number of days configured in this setting has passed since the password was last changed, Classter flags the account and the user is required to set a new password before they can continue using the system.
This check only happens when a new login takes place; it is not applied again during a session that is already open.
Accounts that sign in through an external identity provider, such as a school Microsoft or Google account, are not affected by this setting, since those accounts do not use a password that is managed by Classter.
Administrators can review when each account last changed its password from Management > User Accounts, in the “Last Password Change Date” column, shown below for a list of Teacher (Educator) accounts. The same screen also shows a separate “Change password on next login” indicator, which an administrator can set manually for any account, independently of this policy.

Figure 1: The “Last Password Change Date” column on the User Accounts screen, used to review when each account last changed its password.
Business Logic / Behavior
Based on the setting description and how it is enforced, the following business rules apply:
- A value of zero disables the policy completely; passwords never expire due to age alone.
- Any value greater than zero is the number of days a password stays valid after it was last changed.
- The rule applies equally to every account and role; there is no exemption for administrator accounts or any other account type.
- The requirement to set a new password is only enforced at login; Classter does not show any advance warning before the expiration date is reached.
- An administrator can manually mark an account with “Change password on next login” from the User Accounts screen at any time; this has the same practical effect as an expired password, but is a separate, manual action, not driven by the day count configured in this setting.
- This setting behaves the same way whether the institute is set up for K-12 education or for Higher Education (see “Enable Configuration for Higher Education” in the Notes section below); there is no difference in how the countdown or the forced password change works between the two modes.
Example(s)
Example 1: Automatic expiration
Alpha Institute sets the Password Expiration Policy to 90 days. Teacher (Educator) Maria P. last changed her password on the 1st of January. On the 1st of April, ninety days later, Maria P. tries to log in to Classter. The system detects that her password has expired and asks her to set a new one before she can continue.
Example 2: Policy left disabled
Beta College keeps the default value of zero. Passwords at Beta College never expire automatically; Staff and Student (Learner) accounts can keep the same password indefinitely, although each user can still choose to change their own password voluntarily at any time from their profile.
When to Use
When to Enable
- The institute follows an internal or external security policy that requires passwords to be renewed periodically.
- The institute manages sensitive personal, academic, or financial data and wants an additional layer of protection against passwords that may have been shared or forgotten to be changed.
- The institute wants a consistent, automatic way to encourage all users to refresh their password from time to time, without relying on staff to do this manually.
When to Disable
- The institute prefers not to interrupt users with a forced password change and relies on other safeguards instead, such as Two-Factor Authentication or an external sign-in method.
- Frequent forced password changes are not required by the institute policies and the default, more convenient behavior is preferred.
- Most accounts sign in through an external identity provider, where password renewal is already managed outside Classter.
Notes
Higher Education vs K-12 Mode: as noted above, this setting works identically in both modes; enabling or disabling Higher Education mode does not change how the expiration countdown or the forced password change behaves.
Related Settings:
- “New users must change password at first login” (Main Settings > General Settings > Security Settings > Basic Settings): forces a password change the very first time a brand new account logs in, independently of the number of days configured in this policy.
- “Password Strength” (Main Settings > General Settings > Security Settings > Basic Settings): defines how complex any new password must be, including a password set to satisfy this expiration policy.
- “Enable Configuration for Higher Education” (Main Settings > General Settings > Higher Education Customization > Basic Settings): switches Classter between K-12 and Higher Education mode; it does not change how this policy behaves.