Passwords need to change reasonably frequently. Every 3 months is probably a reasonable amount of time.
Add two fields on the user model: password update time and stale password
password update time would be populated in change_password view
stale password updated by a management command which runs through user's checking the date and emailing people from 2 days before their password expires until the day (only daily).
Check password on post-login and kick to change-password if stale.
login view will need a check for this to redirect regardless
Passwords need to change reasonably frequently. Every 3 months is probably a reasonable amount of time.
Add two fields on the user model:
password update timeandstale passwordpassword update time would be populated in change_password view
stale password updated by a management command which runs through user's checking the date and emailing people from 2 days before their password expires until the day (only daily).
Check password on post-login and kick to change-password if stale.
login view will need a check for this to redirect regardless