diff --git a/defaults/main.yml b/defaults/main.yml
index 867664c..411e347 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -13,7 +13,9 @@ users_default_users: []
 users_default_groups: []
-users_default_umask: "022"
+users_global_umask: "022"
+users_pass_min_day: 1
+
 users_global_bash_aliases:
 - alias: "ll"
 command: "ls -lh"
diff --git a/tasks/bash.yml b/tasks/bash.yml
index 28cead0..f75d49c 100644
--- a/tasks/bash.yml
+++ b/tasks/bash.yml
@@ -16,5 +16,21 @@
 owner: root
 group: root
 mode: 0644
+
+ - name: Set umask to /etc/login.defs
+ lineinfile:
+ path: /etc/login.defs
+ regexp: '^UMASK(\s+)'
+ line: 'UMASK\1{{ users_global_umask }}'
+ backrefs: yes
+ state: present
+
+ - name: Enforcing minimum password lifetime
+ lineinfile:
+ path: /etc/login.defs
+ regexp: '^PASS_MIN_DAYS(\s+)'
+ line: 'PASS_MIN_DAYS\1{{ users_pass_min_day }}'
+ backrefs: yes
+ state: present
 become: True
 become_user: root
diff --git a/tasks/users_default.yml b/tasks/users_default.yml
index c2e0068..c4a83e4 100644
--- a/tasks/users_default.yml
+++ b/tasks/users_default.yml
@@ -1,12 +1,12 @@
 ---
 - block:
- - name: Create common groups
+ - name: Create groups
 group:
 name: "{{ item }}"
 state: present
 loop: "{{ users_default_groups }}"
- - name: Create common users
+ - name: Create users
 user:
 name: "{{ item.name }}"
 groups: "{{ item.groups | default([]) | join(',') or omit }}"
diff --git a/templates/etc/profile.d/custom.sh.j2 b/templates/etc/profile.d/custom.sh.j2
index fa927ce..e086a25 100644
--- a/templates/etc/profile.d/custom.sh.j2
+++ b/templates/etc/profile.d/custom.sh.j2
@@ -1,6 +1,6 @@
 #jinja2:lstrip_blocks: True
 {{ ansible_managed | comment }}
-umask {{ users_default_umask }}
+umask {{ users_global_umask }}
 # are we an interactive shell?
 if [ "$PS1" ]; then
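Review bot: Renaming `users_default_umask` to `users_global_umask` in defaults/main.yml (and in the templates/etc/profile.d/custom.sh.j2 hunk) silently discards any value already set under the old name in an inventory or playbook, so a host configured with a stricter umask such as "027" falls back to "022" after the upgrade with no error. A backward-compatible default would keep the old name working: `users_global_umask: "{{ users_default_umask | default('022') }}"`. The new `users_pass_min_day` also has no comment; `# Minimum days between password changes (PASS_MIN_DAYS in /etc/login.defs)` above it would say what it controls, and naming it `users_pass_min_days` would match the key it sets.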
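Review bot: With `backrefs: yes`, both new lineinfile tasks in tasks/bash.yml leave /etc/login.defs untouched when the regexp finds no match, so on a system where `UMASK` or `PASS_MIN_DAYS` is commented out or absent the task reports ok and the setting is never applied. Dropping `backrefs` and writing the full line, e.g. `regexp: '^UMASK\s'` with `line: 'UMASK {{ users_global_umask }}'` (and the same for `PASS_MIN_DAYS`), replaces an existing entry or appends one when none exists. Note also that login.defs password-aging values are read only when an account is created, so existing users keep their current minimum age unless it is changed per account. The surrounding block starts above the hunk, so whether these tasks belong in the bash.yml block cannot be judged from here.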