Forcing someone to change their password after 60 days

I want to force someone to change their password after 60 days. I'm going to write how I was planning on doing it and see if you experts have any recommendations for me.

So I'm going to use Date or Date time - that doesn't matter how I generate 60 days.

I want to render the user incapable of performing any tasks until they change their password.

Here's how I was going to do it
-Do not set a cookie
-load a change password page with a hidden input that had their username
-set some form of access control

Is this stupid? Should I use a cookie?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ste5anSenior DeveloperCommented:
You're aware of the updated NIST recommendations?

You should not force the user to change a password without reason.

Thus said, your path is okay. But don't hide the user name. Hidding information in such a situation is imho a bad idea.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
burnedfacelessAuthor Commented:
I’m not aware of the updated recommendations. Thank you for that.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.