diff --git a/tests/platform_tests/test_first_time_boot_password_change/__init__.py b/tests/platform_tests/test_first_time_boot_password_change/__init__.py
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/tests/platform_tests/test_first_time_boot_password_change/default_consts.py b/tests/platform_tests/test_first_time_boot_password_change/default_consts.py
new file mode 100644
index 00000000000..c89725021a5
--- /dev/null
+++ b/tests/platform_tests/test_first_time_boot_password_change/default_consts.py
@@ -0,0 +1,59 @@
+'''
+This file contains the default consts used by the scripts on the same folder:
+manufactue.py and test_first_time_boot_password_change.py
+'''
+class DefaultConsts:
+    '''
+    @summary: a constants class used by the tests
+    '''
+    DEFAULT_USER = 'admin'
+    DEFAULT_PASSWORD = 'YourPaSsWoRd'
+    DUMMY_PASSWORD = 'admin'
+    NEW_PASSWORD = 'Jg_GRK9BJB58s_5H'
+    ONIE_USER = 'root'
+    ONIE_PASSWORD = 'root'
+
+    # connection command
+    SSH_COMMAND = 'ssh  -tt -q -o ControlMaster=auto -o ControlPersist=60s -o ' \
+                  'ControlPath=/tmp/ansible-ssh-%h-%p-%r -o StrictHostKeyChecking=no ' \
+                  '-o UserKnownHostsFile=/dev/null -o GSSAPIAuthentication=no ' \
+                  '-o PubkeyAuthentication=no -p 22 -l {} '
+
+    ANOTHER_SSH_COMMAND = 'ssh -l {} '
+
+    ORIGINAL = 'ssh  -tt -q -o ControlMaster=auto -o ControlPersist=60s -o ' \
+                  'ControlPath=/tmp/ansible-ssh-%h-%p-%r -o StrictHostKeyChecking=no ' \
+                  '-o UserKnownHostsFile=/dev/null -o GSSAPIAuthentication=no ' \
+                  '-o PubkeyAuthentication=no -p 22 -l {} '
+
+    SCP_COMMNAD = 'scp -o ControlMaster=auto ' \
+                  '-o ControlPersist=60s -o ControlPath=/tmp/ansible-ssh-%h-%p-%r' \
+                  ' -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ' \
+                  'GSSAPIAuthentication=no -o PubkeyAuthentication=no   {} {}@{}:{}'
+
+    ONIE_INSTALL_PATH = 'platform_tests/test_first_time_boot_password_change/onie_install.sh'
+    # expired password message regex
+    PASSWORD_REGEX = 'assword'
+    PERMISSION_DENID = '[Pp]ermission denied'
+    DEFAULT_PROMPT = ['$', '#']
+    SONIC_PROMPT = '$'
+    LOGIN_INCORRECT = 'Login incorrect'
+    KEY_VERIFICATION_ERR = 'Host key verification failed '
+    CONTINUE_CONNECTING = '(yes/no/[fingerprint])?'
+    LONG_PERIOD = 30
+    APPLY_CONFIGURATIONS = 10
+    SLEEP_AFTER_MANUFACTURE = 60
+    NEW_PASSWORD_REGEX = 'New password'
+    RETYPE_PASSWORD_REGEX = 'Retype new password'
+    # expired password message regex
+    EXPIRED_PASSWORD_MSG = 'You are required to change your password immediately'
+
+    # visual colors
+    OKBLUE = '\033[94m'
+    OKGREEN = '\033[92m'
+    WARNING = '\033[93m'
+    FAIL = '\033[91m'
+    ENDC = '\033[0m'
+    BOLD = '\033[1m'
+
+
diff --git a/tests/platform_tests/test_first_time_boot_password_change/manufacture.py b/tests/platform_tests/test_first_time_boot_password_change/manufacture.py
new file mode 100644
index 00000000000..77207cfc6dd
--- /dev/null
+++ b/tests/platform_tests/test_first_time_boot_password_change/manufacture.py
@@ -0,0 +1,237 @@
+'''
+This is script will install a given image passed in the parameters
+to the device using ONIE install mode.
+Assumptions:
+    1. The system is up
+    2. Login username is 'admin' and default password: 'YourPaSsWoRd'
+    3. ONIE system with either no password to enter ONIE cli or 'root' password
+    4. Enough space to upload restore image to ONIE, otherwise it will fail
+    5. "onie_insall.sh" script in the same folder as this script
+    6. Existing image, will not check if the image path is existing, should be accessible without password!
+
+Detailed logic of manufacture script:
+    1. Connect to dut
+    2. upload the "onie_install.sh" file in the same folder to dut
+    3. run the bash file, the script "onie_install.sh" is responsible for entering ONIE install mode
+    4. upload image to ONIE
+    5. install image using onie-nos-install
+'''
+import pexpect
+import time
+from ansible.module_utils.basic import *
+import logging
+from tests.platform_tests.test_first_time_boot_password_change.default_consts import DefaultConsts
+
+
+logger = logging.getLogger(__name__)
+
+
+def print_log(msg, color=''):
+    '''
+    @summary: will print the msg with date format first
+    :param msg: msg to print
+    :param color: colot to print
+    :return:
+    '''
+    logger.info(color + msg + DefaultConsts.ENDC)
+
+
+def ping_till_alive(dut_ip, should_be_alive=True, timeout=300):
+    '''
+    @summary: this function will ping system till alive, if specified otherwise
+    will ping till down
+    :param dut_ip: device under test ip address
+    :param should_be_alive: if True, will ping system till alive, if False will ping till down
+    :param timeout: fail if the desired state is not achieved
+    '''
+    # create an engine
+    localhost_engine = pexpect.spawn('sudo su', env={'TERM': 'dumb'})
+    localhost_engine.expect(['.*#', '.$'])
+    time_passed = 0
+    result = 'Fail'
+    while time_passed <= timeout:
+        print_log("Pinging system {} till {}".format(dut_ip, 'alive' if should_be_alive else 'down'))
+        localhost_engine.sendline('ping -c 1 ' + dut_ip)
+        response = localhost_engine.expect(['1 packets received', '0 packets received'])
+        if response == 0:
+            if should_be_alive:
+                result = 'Success'
+                break
+        else:
+            if not should_be_alive:
+                result = 'Success'
+                break
+
+        print_log("Sleeping 2 secs between pings")
+        time.sleep(2)
+        time_passed += 2
+
+    if result == 'Fail':
+        fail_msg = "Expected system to be {} after timeout of {} but the system was {}".format(
+            'alive' if should_be_alive else 'down',
+            timeout,
+            'down' if should_be_alive else 'alive'
+        )
+        print_log(fail_msg)
+    localhost_engine.close()
+
+
+def create_engine(dut_ip, username, password, timeout=30):
+    '''
+    @summary: this command will create an ssh engine to run command
+    on the device under test
+    :param dut_ip: device under test ip address
+    :param username: user name to login
+    :param password: password for username
+    :param timeout: default timeout
+    '''
+    print_log("Creating engine for {} with username: {} and password: {}".format(dut_ip, username, password))
+    child = pexpect.spawn(DefaultConsts.SSH_COMMAND.format(username) + dut_ip, env={'TERM': 'dumb'}, timeout=timeout)
+    index = child.expect([DefaultConsts.PASSWORD_REGEX,
+                          DefaultConsts.DEFAULT_PROMPT[0],
+                          DefaultConsts.DEFAULT_PROMPT[1]])
+    if index == 0:
+        child.sendline(password + '\r')
+
+    print_log("Engine created successfully")
+    return child
+
+
+def upload_file_to_dut(dut_ip, filename, destination, username, password, timeout=30):
+    '''
+    @summary: this function will upload the given file to dut under destination folder
+    :param dut_ip: device under test
+    :param filename: path to filenmae
+    :param username: username of the device
+    :param password: password to username
+    :param timeout: timeout
+    '''
+    print_log('Uploading file {} to dut {} under \'{}\' dir'.format(filename, dut_ip, destination))
+    if timeout > DefaultConsts.LONG_PERIOD:
+        print_log('Please be patient this may take some time')
+    cmd = DefaultConsts.SCP_COMMNAD.format(filename, username, dut_ip, destination)
+    child = pexpect.spawn(cmd, timeout=timeout)
+    index = child.expect(["100%",
+                          DefaultConsts.PASSWORD_REGEX])
+    if index == 0:
+        print_log('Done Uploading file - 100%', DefaultConsts.OKGREEN)
+        return
+
+    # enter password
+    child.sendline(password + '\r')
+    child.expect(['100%'])
+    print_log('Done Uploading file - 100%', DefaultConsts.OKGREEN)
+
+
+def enter_onie_install_mode(dut_ip):
+    '''
+    @summary: this function will upload the "onie_install.sh" bash script
+    found in the same folder of this script and run it from the dut,
+    the script "onie_install.sh" is used to load the the ONIE install mode after reboot,
+    for more info please read the documentation in the bash script.
+    :param dut_ip: device under test ip address
+    '''
+    print_log("Entering ONIE install mode by running \"onie_install.sh\" bash script on DUT",
+              DefaultConsts.WARNING + DefaultConsts.BOLD)
+    upload_file_to_dut(dut_ip, DefaultConsts.ONIE_INSTALL_PATH, '/tmp',
+                        DefaultConsts.DEFAULT_USER,
+                        DefaultConsts.DEFAULT_PASSWORD)
+    # create ssh connection device
+    sonic_engine = create_engine(dut_ip, DefaultConsts.DEFAULT_USER, DefaultConsts.DEFAULT_PASSWORD)
+    sonic_engine.sendline('sudo su')
+    sonic_engine.expect('$')
+    sonic_engine.sendline('cd /tmp')
+    sonic_engine.expect('$')
+    print_log("Validating file \"{}\" existence".format(DefaultConsts.ONIE_INSTALL_PATH.split('/')[-1]))
+    # validate the file is there
+    sonic_engine.sendline('ls')
+    sonic_engine.expect('{}'.format(DefaultConsts.ONIE_INSTALL_PATH.split('/')[-1]))
+    # # change permissions
+    print_log("Executing the bash script uploaded")
+    sonic_engine.sendline('sudo chmod +777 onie_install.sh')
+    sonic_engine.expect('$')
+    sonic_engine.sendline('sudo ./onie_install.sh install')
+    sonic_engine.expect('Reboot will be done after 3 sec')
+    # # close session, the system will perform reboot
+    ping_till_alive(dut_ip, should_be_alive=False)
+    print_log("System is Down!", DefaultConsts.BOLD + DefaultConsts.OKGREEN)
+    sonic_engine.close()
+
+
+def install_image_from_onie(dut_ip, restore_image_path):
+    '''
+    @summary: this function will upload the restore image to ONIE and perform
+    install to the image using "onie-nos-install"
+    :param dut_ip: device under test ip address
+    :param restore_image_path: path to restore image should be in the format /../../../your_image_name.bin
+    '''
+    ping_till_alive(dut_ip, should_be_alive=True)
+    print_log("System is UP!", DefaultConsts.BOLD + DefaultConsts.OKGREEN)
+    upload_file_to_dut(dut_ip, restore_image_path, '/', DefaultConsts.ONIE_USER, DefaultConsts.ONIE_PASSWORD,
+                       timeout=420)
+
+    restore_image_name = restore_image_path.split('/')[-1]
+    print_log('restore image name is {}'.format(restore_image_name))
+    # SSH to ONIE
+    child = create_engine(dut_ip, DefaultConsts.ONIE_USER, DefaultConsts.ONIE_PASSWORD)
+    print_log("Install the image from ONIE")
+    child.sendline('cd /')
+    child.sendline('.*#')
+    child.sendline('onie-stop')
+    child.sendline('.*#')
+    child.sendline('onie-nos-install {}'.format(restore_image_name) +'\r')
+    print_log("Ping system till down")
+    ping_till_alive(dut_ip, should_be_alive=False)
+    print_log("Ping system till alive")
+    ping_till_alive(dut_ip, should_be_alive=True)
+    child.close()
+
+
+def reboot_dut(dut_ip, username, password):
+    '''
+    @summary: this function will reboot dut by executing "reboot" cmd from dut shell
+    and will wait till system is up again
+    :param dut_ip: device under test IP address
+    :param username: username of dut
+    :param password: passwod username
+    '''
+    engine = pexpect.spawn(DefaultConsts.SSH_COMMAND.format(username) + dut_ip, timeout=60)
+    engine.expect(DefaultConsts.PASSWORD_REGEX)
+    engine.sendline(password)
+    engine.expect(DefaultConsts.DEFAULT_PROMPT)
+    print_log("Performing reboot to DUT {}".format(dut_ip))
+    engine.sendline("sudo reboot")
+    ping_till_alive(dut_ip, should_be_alive=False)
+    ping_till_alive(dut_ip, should_be_alive=True)
+
+
+
+def manufacture(dut_ip, restore_image_path):
+    '''
+    @summary: will remove the installed image and intsall the image given in the restore_image_path
+        Assumptions:
+        1. The system is up
+        2. Login username is 'admin' and default password: 'YourPaSsWoRd'
+        3. ONIE system with either no password to enter ONIE cli or 'root' password
+        4. Enough space to upload restore image to ONIE, otherwise it will fail, and will leave system in ONIE mode!
+        5. "onie_insall.sh" script in the same folder as this script,
+            under "tests/platform_tests/test_first_time_boot_password_change"
+        6. Existing image, will not check if the image path is existing, should be accessible without password!
+    Detailed logic of manufacture script:
+        1. Connect to dut
+        2. upload the "onie_install.sh" file in the same folder to dut
+        3. run the bash file, the script "onie_install.sh" is responsible for entering ONIE install mode
+        4. upload image to ONIE
+        5. install image using onie-nos-install
+    :param dut_ip: device to manufacture
+    :param restore_image_path: path to the image
+    '''
+    # create engine for the localhost running this script
+    print_log("Manufacture started", DefaultConsts.OKGREEN + DefaultConsts.BOLD)
+    # perform manufacture
+    enter_onie_install_mode( dut_ip)
+    install_image_from_onie(dut_ip, restore_image_path)
+    print_log("Sleeping for {} secs to stabilize system".format(DefaultConsts.SLEEP_AFTER_MANUFACTURE))
+    time.sleep(DefaultConsts.SLEEP_AFTER_MANUFACTURE)
+    print_log("Manufacture is completed - SUCCESS", DefaultConsts.OKGREEN + DefaultConsts.BOLD)
+
diff --git a/tests/platform_tests/test_first_time_boot_password_change/onie_install.sh b/tests/platform_tests/test_first_time_boot_password_change/onie_install.sh
new file mode 100644
index 00000000000..2c5b4012abc
--- /dev/null
+++ b/tests/platform_tests/test_first_time_boot_password_change/onie_install.sh
@@ -0,0 +1,94 @@
+#!/bin/sh
+
+# By this script, SONiC switch moving to ONIE with specific boot_mode
+# The examples of usage:
+#     onie_reboot.sh install
+#     onie_reboot.sh update
+
+onie_mount=/mnt/onie-boot
+os_boot=/host
+onie_partition=
+onie_entry=0
+secure_boot_status=
+
+enable_onie_access()
+{
+	onie_partition=$(fdisk -l | grep "ONIE boot" | awk '{print $1}')
+	if [ ! -d $onie_mount ]; then
+		mkdir /mnt/onie-boot
+	fi
+	mount $onie_partition /mnt/onie-boot
+	if [ ! -e /lib/onie ]; then
+		ln -s /mnt/onie-boot/onie/tools/lib/onie /lib/onie
+	fi
+	PATH=/sbin:/usr/sbin:/bin:/usr/bin:$onie_mount/onie/tools/bin/
+	export PATH
+}
+
+clean_onie_access()
+{
+	rm -f /lib/onie
+	umount $onie_partition
+}
+
+# ONIE entry must exist in grub config
+find_onie_menuentry()
+{
+	onie_entry="$(cat $os_boot/grub/grub.cfg | grep -e 'menuentry' | cat -n | awk '$0~/ONIE/ {print $1-1}')"
+	entries_num="$(echo "$onie_entry" | grep -E '^[0-9]+$' | wc -l)"
+	if [ $entries_num -eq 1 ] && [ $onie_entry -ge 1 ]; then
+		return 0
+	fi
+	return 1
+}
+
+change_grub_boot_order()
+{
+	find_onie_menuentry
+	rc=$?
+	if [ $rc -eq 0 ]; then
+		grub-reboot --boot-directory=$os_boot $onie_entry
+	else
+		echo "ERROR: ONIE entry wasn't found in grub config"
+		return 1
+	fi
+
+    echo "Set onie mode to $1"
+    grub-editenv $onie_mount/grub/grubenv set onie_mode=$1
+	return 0
+}
+
+system_reboot()
+{
+    echo "Reboot will be done after 3 sec."
+    sleep 3
+    /sbin/reboot
+}
+
+check_secure_boot_enabled()
+{
+	secure_boot_status=$(bootctl | grep "Secure Boot" | awk '{print $3}')
+}
+
+
+check_secure_boot_enabled
+rc=$?
+if [ "$secure_boot_status" = "enabled" ]; then
+	onie_partition=$(fdisk -l | grep "EFI System" | awk '{print $1}')
+	if [ ! -d $onie_mount ]; then
+		mkdir /mnt/onie-boot
+	fi
+	mount $onie_partition /mnt/onie-boot
+	grub-editenv $onie_mount/EFI/debian/grubenv set next_entry=ONIE
+	umount $onie_partition
+else
+	enable_onie_access
+	change_grub_boot_order $1
+	clean_onie_access
+fi
+
+if [ $rc -eq 0 ]; then
+	system_reboot
+fi
+
+exit $rc
diff --git a/tests/platform_tests/test_first_time_boot_password_change/test_first_time_boot_password_change.py b/tests/platform_tests/test_first_time_boot_password_change/test_first_time_boot_password_change.py
new file mode 100644
index 00000000000..c04ff878db3
--- /dev/null
+++ b/tests/platform_tests/test_first_time_boot_password_change/test_first_time_boot_password_change.py
@@ -0,0 +1,161 @@
+'''
+This test checks the default password change after initial reboot.
+Due to new the california law, each user must change the default password.
+Passwords such as: "admin", "12345", "root", etc. will no longer be accepted.
+
+Important Note:
+    Please run this test from sonic-mgmt/tests folder, otherwise it will fail!
+'''
+import pytest
+import logging
+import pexpect
+import time
+from tests.common.helpers.assertions import pytest_assert
+from tests.platform_tests.test_first_time_boot_password_change.default_consts import DefaultConsts
+from tests.platform_tests.test_first_time_boot_password_change.manufacture import manufacture, reboot_dut
+
+pytestmark = [
+    pytest.mark.topology('any'),
+    pytest.mark.sanity_check(skip_sanity=True),
+    pytest.mark.disable_loganalyzer,
+    pytest.mark.skip_check_dut_health
+]
+
+
+class currentConfigurations:
+    '''
+    @summary: this class will act database to save current configurations and changes,
+    it will help us understand the current state of the system
+    and we will be using it as a part of cleanup fixtures
+    '''
+    def __init__(self):
+        self.currentPassword = DefaultConsts.DEFAULT_PASSWORD # initial password
+
+
+logger = logging.getLogger(__name__)
+currentConfigurations = currentConfigurations()
+
+
+@pytest.fixture(scope='module', autouse=True)
+def dut_hostname(request):
+    '''
+    @summary: this function returns the hostname of the dut
+    '''
+    hostname = request.config.getoption('--host-pattern')
+    logger.info("Hostname is {}".format(hostname))
+    return hostname
+
+
+@pytest.fixture(scope='module', autouse=True)
+def prepare_system_for_first_boot(request):
+    '''
+    @summary: will bring the system to first boot state
+    by installing the image given by the --restore_to_image
+    '''
+    restore_image_path = request.config.getoption('restore_to_image')
+    hostname = request.config.getoption('--host-pattern')
+    pytest_assert(restore_image_path)
+    manufacture(hostname, restore_image_path)
+
+
+def change_password(dut_hostname, username, current_password, new_password):
+    '''
+    @summary: this function changes the password for the user logged to in the dut_shell on the dut
+    :param dut_ip: device under test
+    :param current_password: current password
+    :param new_password: new password
+    '''
+    logger.info("Changing password for username:{} to password: {}".format(username, new_password))
+    try:
+        # create a new ssh connection
+        engine = pexpect.spawn(DefaultConsts.SSH_COMMAND.format(username) + dut_hostname, timeout=15)
+        # because of race condition
+        engine.delaybeforesend = 0.2
+        engine.delayafterclose = 0.5
+        engine.expect(DefaultConsts.PASSWORD_REGEX)
+        engine.sendline(current_password + '\r')
+        engine.expect(DefaultConsts.SONIC_PROMPT)
+        engine.sendline('sudo touch azmy.txt')
+        engine.expect(DefaultConsts.SONIC_PROMPT)
+        engine.sendline('sudo usermod -p $(openssl passwd -1 {}) {}'.format(new_password, username) + '\r')
+        engine.expect(DefaultConsts.SONIC_PROMPT)
+        logger.info("Sleeping for {} secs to apply password change".format(DefaultConsts.APPLY_CONFIGURATIONS))
+        time.sleep(DefaultConsts.APPLY_CONFIGURATIONS)
+        engine.sendline('exit')
+        engine.close()
+    except Exception as err:
+        logger.info('Got an exception while changing the password')
+        logger.info(str(err))
+
+
+@pytest.fixture(scope='function', autouse=True)
+def restore_original_password(dut_hostname):
+    '''
+    @summary: this function will restore the original password.
+    Edge cases need to consider with this function:
+    1. If the test failed and the original password was not changed: don't do anything
+    2. If the password was changed: need to revert it back to original
+    '''
+    yield
+    logger.info("Restore original password")
+    change_password(dut_hostname,
+                    DefaultConsts.DEFAULT_USER,
+                    currentConfigurations.currentPassword,
+                    DefaultConsts.DEFAULT_PASSWORD)
+
+
+def test_default_password_change_after_first_boot(dut_hostname):
+    '''
+    @summary: in this test case we want to validate the mandatory request of
+    password change after the first boot of the image.
+    According to a new law passed on the united states, default passwords
+    such as: "admin", "root", "12345", etc. are no longer accepted.
+    Test Flow:
+        1.a message should after initial boot requesting password change for default user.
+        2.a successful password change, will be tested by relogin
+    :param dut_hostname: name of device under test
+    '''
+    logger.info("create ssh connection to device after inital boot")
+    engine = pexpect.spawn(DefaultConsts.SSH_COMMAND.format(DefaultConsts.DEFAULT_USER) + dut_hostname)
+    # to prevent race condition
+    engine.delaybeforesend = 0.2
+    engine.delayafterclose = 0.5
+    # it should require password so password will be sent
+    engine.expect(DefaultConsts.PASSWORD_REGEX)
+    engine.sendline(DefaultConsts.DEFAULT_PASSWORD)
+    # we should expect the expired password regex to appead
+    logger.info("Expecting expired message printed")
+    index = engine.expect([DefaultConsts.EXPIRED_PASSWORD_MSG, pexpect.TIMEOUT])
+    if index != 0:
+        raise Exception("We did not catch the message of expired password after initial boot!\n"
+                        "Consider this as a bug or a degradation")
+    logger.info('Entering current password after the expired message appeared')
+    engine.sendline(DefaultConsts.DEFAULT_PASSWORD + '\r')
+    # suggest new password
+    logger.info('Entering a new password, password used is {}'.format(DefaultConsts.NEW_PASSWORD))
+    engine.expect(DefaultConsts.NEW_PASSWORD_REGEX)
+    engine.sendline(DefaultConsts.NEW_PASSWORD + '\r')
+    logger.info('Retyping the new password')
+    engine.expect(DefaultConsts.RETYPE_PASSWORD_REGEX)
+    engine.sendline(DefaultConsts.NEW_PASSWORD + '\r')
+    engine.expect(DefaultConsts.DEFAULT_PROMPT)
+    # will be used in cleanup later
+    currentConfigurations.currentPassword = DefaultConsts.NEW_PASSWORD
+    logger.info("Exit cli for the default user and re-eneter again and expect no password expire message")
+    # close the session
+    engine.close()
+    logger.info("Sleeping for {} secs to allow system update password".format(DefaultConsts.SLEEP_AFTER_MANUFACTURE))
+    time.sleep(DefaultConsts.SLEEP_AFTER_MANUFACTURE)
+    logger.info("create a new ssh connection to device")
+    engine = pexpect.spawn(DefaultConsts.SSH_COMMAND + dut_hostname)
+    engine.delaybeforesend = 0.2
+    engine.delayafterclose = 0.5
+    # expect password
+    engine.expect(DefaultConsts.PASSWORD_REGEX)
+    # enter new password
+    engine.sendline(DefaultConsts.NEW_PASSWORD + '\r')
+    # we should not expect the expired password regex to appear again
+    index = engine.expect([DefaultConsts.EXPIRED_PASSWORD_MSG] + DefaultConsts.DEFAULT_PROMPT)
+    if index == 0:
+        raise Exception("We captured the expiring message again after updating a new password!\n")
+    engine.close()