The aim of this feature is to provide a mechanism which requires uses to reset their passwords after a given interval.
A global process engine configuration value for password expiry has been specified
The expiry date for a password is reached (calculated based on the date the password was created)
After providing a valid password upon login, the user is prompted to change their password.
Is the new password required to be different from all previous passwords or only the last one?