If you need your users to update their password periodically for security, you can enable the Password Expiration Period option, which can be found under Settings > Security.
Who can activate this option?
All users who have an administrator role.
How does it work?
The administrator must choose between different expiration periods; 30, 60, 90, 180 and 365 days. After choosing the period, select the save button and that's it! Users must update their password after exceeding the established period, counting from the day on which the option was configured.
New passwords must not be the same as the last 2 expired passwords.