diff --git a/docs/installation/configuration-options.md b/docs/installation/configuration-options.md
index 2519ef2..673b1d2 100644
--- a/docs/installation/configuration-options.md
+++ b/docs/installation/configuration-options.md
@@ -48,6 +48,25 @@ If `true` it will enable password recovery process.
 If `true` and `allowPasswordRecovery` is false, it will enable administrator to send a password recovery email to a 
 user.
 
+#### maxPasswordAge (type: `integer`, default: `null`)
+
+If set to an integer value it will check user password age. If the days since last password change are greater than this configuration value
+user will be forced to change it. This enforcement is done only at login stage. In order to perform the check in every action you must configure
+a filter into your controller like this:
+```
+use Da\User\Filter\PasswordAgeEnforceFilter;
+class SiteController extends Controller
+{
+    public function behaviors()
+    {
+        return [
+            [...]
+            'enforcePasswordAge' => [
+                'class' => PasswordAgeEnforceFilter::className(),
+            ],
+```
+This will redirect the user to their account page until the password has been updated.
+
 #### allowAccountDelete (type: `boolean`, default: `true`)
 
 If `true` users will be able to remove their own accounts.