The password policy defines a period for which the password of all the users is valid. At the end of the longevity period, the user's password expires. During login, the user's password is checked. If the password expires, then the user is redirected to the password expired page, where the user must provide a new password.