Password Expired Page
A forced password rotation gate with current and new password fields, a policy panel explaining the deadline, and a reset by email fallback.
A forced password rotation gate with current and new password fields, a policy panel explaining the deadline, and a reset by email fallback.
Search blocks by description or jump to a page.
The source for every Application block is included with Basic and Pro. Pick a plan to copy the code.
Already purchased? Log in
Password Expired Page is the forced rotation gate reached at sign in when an org policy deadline has passed. The Acme lockup sits above a card headed Your password has expired, the signed-in address named in weight, a muted panel that states the exact policy (a change every 90 days, last changed 94 days ago) and calls it org policy rather than a breach, then the current and new password fields each with a plain helper line. An Update password and continue button leads, and a footer note lists what happens on save: two other sessions sign out, passkeys and API keys are untouched, and the next change is in 90 days. A reset by email link sits below the card.
The block is static; the policy panel is the piece that turns a confusing forced logout into an expected step. The last-changed date and the untouched credentials note are the two lines that stop a security ticket.
Reach for this block as the interstitial shown after a valid sign in when the account's password age exceeds the rotation policy. Wire the form to your change password endpoint and read the last-changed date and policy window from the account record.
A natural flow around it on an Application Pro page:
Before
After
One strong use is the scheduled rotation gate. Other forced-change variants:
Tip: name the exact policy and the last-changed date; a forced change with no reason reads as a breach and sends the careful user straight to support.