There is no built-in mechanism, since we do not store the time when a password changes, but you can do it in this way:
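import datetime
# must run before auth.define_tables()
auth.settings.extra_fields['auth_user'] = [
    Field('password_charged_on', 'datetime', writable=False,
          compute=lambda row: row.password and request.now)]
# skip the check while the timestamp is still empty
changed = auth.user and auth.user.password_charged_on
if changed and changed + datetime.timedelta(days=30) < request.now:
    redirect(URL('some_error_page'))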
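Added example, not part of the original answer: the expiry decision from the snippet above written as plain Python so it can be tested outside the framework, covering accounts with no stored timestamp and requests that must stay reachable so the redirect cannot loop. The names EXEMPT_ACTIONS, password_expired and should_redirect, the ('default', 'user') action pair, and the choice to treat a missing timestamp as expired are assumptions of this example.

```python
import datetime

MAX_PASSWORD_AGE = datetime.timedelta(days=30)  # same window as the answer above

# Assumed (controller, function) pairs an expired user must still reach:
# the password-change action and the page the redirect points to.
EXEMPT_ACTIONS = {("default", "user"), ("default", "some_error_page")}


def password_expired(changed_on, now, max_age=MAX_PASSWORD_AGE):
    """Return True when the password is older than max_age.

    changed_on is None for accounts that predate the timestamp field; this
    example treats them as expired so they acquire a known change date.
    """
    if changed_on is None:
        return True
    return changed_on + max_age < now


def should_redirect(user, controller, function, now):
    """Decide whether a request should be sent to the expiry page.

    user is a dict-like record (auth.user in the framework) or None,
    controller/function identify the requested action.
    """
    if user is None:  # anonymous request: nothing to enforce
        return False
    if (controller, function) in EXEMPT_ACTIONS:
        return False  # never redirect the expiry or change-password pages
    return password_expired(user.get("password_charged_on"), now)


# Constructed sample data, for illustration only.
NOW = datetime.datetime(2024, 3, 1, 12, 0)
FRESH = {"password_charged_on": datetime.datetime(2024, 2, 20, 9, 0)}
STALE = {"password_charged_on": datetime.datetime(2024, 1, 1, 9, 0)}
LEGACY = {"password_charged_on": None}

if __name__ == "__main__":
    for name, user in (("fresh", FRESH), ("stale", STALE), ("legacy", LEGACY)):
        print(name, should_redirect(user, "default", "index", NOW))
```

In the framework the same decision would be fed auth.user, request.controller, request.function and request.now.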