Find when the user’s password was last changed
#!/bin/bash
# Get last password change
echo; echo Password Last Changed:; u=$(dscl . list /Users | egrep -v '^_|daemon|nobody'); for i in $u; do printf \\n$i\\t; currentUser=$i;t=$(dscl . read /Users/"$currentUser" | grep -A1 passwordLastSetTime | grep real | awk -F'real>| /dev/null; doneLink:
https://applehelpwriter.com/2018/03/14/6228/
pwpolicy -getglobalpolicy | grep -C2 policyAttributeExpiresEveryNDays
See how many days are left before a user has to change their password
dscl . -read $HOME | /usr/bin/grep -C2 passwordLastSetTime
pwpolicy -u test --get-effective-policy
pwpolicy -getpolicy -u username
sudo defaults write /Library/Preferences/com.apple.loginwindow PasswordExpirationDays NUMBER
STIG Check
/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep maxPINAgeInDays
If the return is null, or is not “maxPINAgeInDays = 60” or set to a smaller value, this is a finding.
/usr/bin/sudo /usr/bin/pwpolicy getaccountpolicies
Link
https://discussions.apple.com/thread/252843434
Apple Password Profile
https://support.apple.com/guide/deployment/password-and-passcode-payload-settings-dep4d6a472a/web
Legacy
https://www.cnet.com/tech/computing/how-to-change-password-expiration-warning-intervals-in-os-x/
