Hello,

Considering the amount of spam attacks recently we try to minimize te risk of hacking into with older accounts.
I have been searching for an option to periodically, let's say yearly, force a user to reset their password. I can't find it or a question related to this on the forum.
So when a user logs in and their password hasn't changed for at least 365 days then they would need to change their password upon logging in. Is this possible?
 

Possible with customisation, yep.

I put a proof of concept together last year for this, actually - following this discussion:

Based on Daniel's final post in there, I decided not to continue with it as a potential MarketPlace resource as I expect it wouldn't be approved.