# Password Expiry
You can set up your Authgear project such that a user's password expires after a specific number of days. When a user logs in after the password expiry date, they'll see a prompt to change their password before they're redirected back to your app.
{% hint style="info" %}
By default, password expiry is turned **off** for your Authgear project. [Recent security research](https://www.ncsc.gov.uk/blog-post/problems-forcing-regular-password-expiry) shows that forcing users to change their passwords after some time can do more harm than good.
{% endhint %}
## Enable Password Expiry
Navigate to the password settings tab and scroll to the **Password Expiry** section. Toggle the "**Force password change on next login if it has expired"** button to enable password expiry.
## Set Expiry Date
You can use the field **Force change since last update (days)** to specify the number of days after which a user's password should expire.
For example, setting the value to 90 means the user's password will expire 90 days after the day they set or updated their password.
Once you're done, hit the **Save** button to keep your changes.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.authgear.com/authentication-and-access/authentication/passwords/password-expiry.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.