diff --git a/src/Controller/DefaultController.php b/src/Controller/DefaultController.php
index 0755220..91899eb 100644
--- a/src/Controller/DefaultController.php
+++ b/src/Controller/DefaultController.php
@@ -9,6 +9,7 @@ use App\Libs\Libs;
 use App\Libs\NavList;
 use DateInterval;
 use DateTime;
+use DateTimeInterface;
 use DateTimeZone;
 use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
@@ -47,6 +48,18 @@ class DefaultController extends AbstractController
             return $this->redirectToRoute('app_register_step', ['step' => RegistrationController::REGISTER_STEP_TWO]);
         }
 
+        $oldPasswordDate = new DateTime('now', new DateTimeZone($_ENV['COMPANY_TIMEZONE']));
+        $oldPasswordDate->sub(DateInterval::createFromDateString('120 days'));
+
+        if (is_a($user->getPasswordChanged(), DateTimeInterface::class) && $user->getPasswordChanged() < $oldPasswordDate) {
+            $this->addFlash('danger', 'You must change your password');
+            return $this->redirectToRoute('app_profile');
+        }
+
+        if($_SERVER['HTTP_REFERER'] == "{$_SERVER['HTTP_X_FORWARDED_PROTO']}://{$_SERVER['HTTP_HOST']}/") {
+            $this->entityManager->getRepository(User::class)->updateLastLogin($user);
+        }
+
         $ytdtravel = $this->entityManager->getRepository(CaseItinerary::class)->getYTDTravel($user);
         $last30days = $this->entityManager->getRepository(CaseItinerary::class)->getTravelLast30Days($user);
         $ytdMiles = 0;
diff --git a/src/Repository/UserRepository.php b/src/Repository/UserRepository.php
index 3b3872e..7171e1c 100644
--- a/src/Repository/UserRepository.php
+++ b/src/Repository/UserRepository.php
@@ -4,6 +4,8 @@ namespace App\Repository;
 
 use App\Entity\Company;
 use App\Entity\User;
+use DateTime;
+use DateTimeZone;
 use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
 use Doctrine\Persistence\ManagerRegistry;
 use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
@@ -20,6 +22,20 @@ class UserRepository extends ServiceEntityRepository implements PasswordUpgrader
         parent::__construct($registry, User::class);
     }
 
+    public function updateLastLogin(User $user): void
+    {
+        $currentTime = new DateTime('now', new DateTimeZone($_ENV['COMPANY_TIMEZONE']));
+        $qb = $this->createQueryBuilder('u');
+        $q = $qb->update(User::class, 'u')
+               ->set('u.lastLogin', "'{$currentTime->format('Y-m-d H:i:s')}'")
+               ->where('u.id = :id')
+               ->setParameter('id', $user->getId()->toBinary())
+               ->getQuery()
+        ;
+
+        $q->execute();
+    }
+
     /**
      * Used to upgrade (rehash) the user's password automatically over time.
      */