Annual password change policy. Needs to be explained.
In NetSpace, there is a security policy that obliges users to change their account passwords once a year. The procedure is simple: upon sign-in, the user is presented with a form to input their new password twice, along with the password requirements. The user cannot continue into the system until they set a new password. That comes as a surprise with no clear reason and can be confusing.
Although I support such a security policy, it should be better explained to the user by:
1. Prior notifications that the password should be changed soon, by email and an in-system pop-up message.
2. A text with the explanation of the policy and the procedure on the Enter new password page.
Thanks,
Eugene
NetSpace now has a notification that a user’s password will expire. There is a banner across the top of the page with a link to change the password.
Thank you.