how to find when the login password was last changed



Sometimes it can be useful to know when the user’s password was last changed. For example, you might want to enforce a policy of having users (or yourself!) change login passwords after a given period. Alternatively, if you or one of your users is experiencing login difficulties, you might want to check that the password hasn’t been changed unbeknownst to (or unremembered by) the user.

We can accomplish this from the command line (aka by using the Terminal.app) with the following one-liner (a raw text version is also available from my pastebin here):

echo; echo Password Last Changed:; u=$(dscl . list /Users | egrep -v '^_|daemon|nobody'); for i in $u; do printf \\n$i\\t; currentUser=$i;t=$(dscl . read /Users/"$currentUser" | grep -A1 passwordLastSetTime | grep real | awk -F'real>|</real' '{print $2}'); date -j -f %s "$t" 2> /dev/null; done

Note the odd entry belonging to user ‘dev’ in the screenshot: the 1970 date is the start of unix time, and its appearance here indicates that the password hasn’t been changed since time began!…or, more seriously, that this password hasn’t been changed since the user account was created.

Enjoy! 😀


About philastokes

Freelance Writer, Developer and Technical Communicator. Explaining the unexplainable with images, video and text. Scripting anything imaginable in Applescript, Bash, C, Objective C, Cocoa, Python and Xcode.

Posted on March 14, 2018, in Scripts, Security, Terminal and tagged , , . Bookmark the permalink. Comments Off on how to find when the login password was last changed.

Comments are closed.

%d bloggers like this: