Find when the user’s password was last changed

# Get last password change

echo; echo Password Last Changed:; u=$(dscl . list /Users | egrep -v '^_|daemon|nobody'); for i in $u; do printf \\n$i\\t; currentUser=$i;t=$(dscl . read /Users/"$currentUser" | grep -A1 passwordLastSetTime | grep real | awk -F'real>| /dev/null; done


pwpolicy -getglobalpolicy | grep -C2 policyAttributeExpiresEveryNDays

See how many days are left before a user has to change their password
dscl . -read $HOME | /usr/bin/grep -C2 passwordLastSetTime

pwpolicy -u test --get-effective-policy

pwpolicy -getpolicy -u username

sudo defaults write /Library/Preferences/ PasswordExpirationDays NUMBER

STIG Check
/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep maxPINAgeInDays
If the return is null, or is not “maxPINAgeInDays = 60” or set to a smaller value, this is a finding.

/usr/bin/sudo /usr/bin/pwpolicy getaccountpolicies


Apple Password Profile



No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *