Setting a password to expire each month

Discussion in 'macOS' started by phalewhale, Aug 11, 2007.

  1. phalewhale macrumors 6502a

    phalewhale

    Joined:
    Jun 10, 2007
    #1
    Howdy,

    Just wondering if anyone knows how to set a user account within OS X to automatically expire after a given amount of time.

    I'm sick of having to manually change my password each month and would like OS X to remind me to do it on time. Any ideas?

    Any help would be appreciated.

    Ta.
     
  2. xUKHCx Administrator emeritus

    xUKHCx

    Joined:
    Jan 15, 2006
    Location:
    The Kop
    #2
    I personally haven't come across such an option.

    You could set up iCal to give you monthly alerts to remind you to change your password.
     
  3. phalewhale thread starter macrumors 6502a

    phalewhale

    Joined:
    Jun 10, 2007
    #3
    The only thing is though, iCal won't disable the account if it goes past 30 days for instance. I need this for security purposes. I've had a look at password aging on the net and so far I have come up with nothing... Surely there must be a unix hack to get round OS X's inability to provide this facility???!
     
  4. MacDawg macrumors P6

    MacDawg

    Joined:
    Mar 20, 2004
    Location:
    "Between the Hedges"
    #4
    Just curious as the to reason, I know you said security... but it kills me to have to change my password at work and it isn't every month. I like to set it and keep it. Guess I don't have anything really worth protecting though.

    Multiple users you don't trust?
    Nosey roommates?

    No big deal, just curious [runs off to change password]

    Woof, Woof - Dawg [​IMG]
     
  5. phalewhale thread starter macrumors 6502a

    phalewhale

    Joined:
    Jun 10, 2007
    #5
    Paranoia I guess... ;) It's a habit I've been in for years and it goes back to my PC days. No nosey room-mates, wife isn't that nosey, no multiple users... just my paranoid self.

    Having done a little more digging, it seems there are only 2 options to use with the passwd command in terminal on OSX:

    -i
    -l

    On other UNIX machines it seems you have access to more options. These would be handy for what I want to do:

    -n
    -w
    -x

    Trying these options on OSX invites me to change the password for user "-n" for example. So, I guess I'm screwed unless anyone knows of a hack???
     
  6. semaja2 macrumors 6502a

    Joined:
    Dec 12, 2005
    Location:
    Adelaide
    #6
    Schedule a cron job or something to make it reset on next login :S or just remind you :S i know its easier in linux but must be a way in osx
     
  7. antibact1 macrumors 6502

    Joined:
    Jun 1, 2006
    #7
    Having a time based password change requirement is a terrible way to ensure security. As users will be forced to remember a password that is continually changing, they will likely pick passwords that are trivial and easy to remember, as opposed to one password that is strong, yet difficult to remember. Even with an established complexity requirement, such as having letters and numbers present, a user is just as likely to set something like "password1" just so they can remember it.
     
  8. MacDawg macrumors P6

    MacDawg

    Joined:
    Mar 20, 2004
    Location:
    "Between the Hedges"
    #8
    You are absolutely right, and that has been my experience at work. In addition, there are those who will then write out all of their passwords and rotate them because they cannot repeat the last 6, 10, etc. So, there is list in the drawer or sitting next to the computer.

    Defeats the whole purpose.

    Woof, Woof - Dawg [​IMG]
     
  9. HawaiiMacAddict macrumors 6502a

    Joined:
    Dec 28, 2006
    Location:
    On one of my Macs of course
    #9
    Aloha,

    Here's a question. Does Mac OS X Server have the same password options as Active Directory? As far as account passwords go, the only time I've been "forced" to change on a give time interval was when my computer was part of an office network, whether that be on UNIX or Windows. I've never been fortunate enough to be part of a Mac-only network, so I don't know if the same options exist, but in Active Directory you can set the minimum password age, numbers of passwords remembered, and also force complexity. Note that Microsoft's definition of complexity is only three of the following (having all four would be best):

    1. Upper-case characters
    2. Lower-case characters
    3. Numbers
    4. Special characters

    HawaiiMacAddict
     
  10. djinn macrumors 68000

    djinn

    Joined:
    Oct 4, 2003
    #10
    Can't you just go into the terminal and change the expiration with "sudo chpass username" ?
     
  11. phalewhale thread starter macrumors 6502a

    phalewhale

    Joined:
    Jun 10, 2007
    #11
    Terrible???

    Guys, I agree that password aging alone should not be relied upon for good security. But, combined with other good security practice, password aging increases system security. FACT! If someone is conscious of security they are hardly likely to use something stupid like "password1", or it's equivalent to secure their system(s).

    I appreciate that there are a lot of folk out there who never change their password, use short passwords, easy to guess passwords, the same password for multiple systems, no password, etc, etc. But to be honest, if someone is dim enough to be this way inclined, then frankly they deserve all they get.

    Anyway, back to the original topic... Still haven't found out how this can be done in OS X. But thanks to semaja2 for an idea... Will post back to let you know how I get on...
     

Share This Page