Setting a password to expire each month

phalewhale

macrumors 6502a
Original poster
Jun 10, 2007
666
0
Howdy,

Just wondering if anyone knows how to set a user account within OS X to automatically expire after a given amount of time.

I'm sick of having to manually change my password each month and would like OS X to remind me to do it on time. Any ideas?

Any help would be appreciated.

Ta.
 

xUKHCx

Administrator emeritus
Jan 15, 2006
12,045
6
The Kop
I personally haven't come across such an option.

You could set up iCal to give you monthly alerts to remind you to change your password.
 

phalewhale

macrumors 6502a
Original poster
Jun 10, 2007
666
0
I personally haven't come across such an option.

You could set up iCal to give you monthly alerts to remind you to change your password.
The only thing is though, iCal won't disable the account if it goes past 30 days for instance. I need this for security purposes. I've had a look at password aging on the net and so far I have come up with nothing... Surely there must be a unix hack to get round OS X's inability to provide this facility???!
 

MacDawg

macrumors Core
Mar 20, 2004
19,709
4,278
"Between the Hedges"
Just curious as the to reason, I know you said security... but it kills me to have to change my password at work and it isn't every month. I like to set it and keep it. Guess I don't have anything really worth protecting though.

Multiple users you don't trust?
Nosey roommates?

No big deal, just curious [runs off to change password]

Woof, Woof - Dawg
 

phalewhale

macrumors 6502a
Original poster
Jun 10, 2007
666
0
Just curious as the to reason, I know you said security... but it kills me to have to change my password at work and it isn't every month. I like to set it and keep it. Guess I don't have anything really worth protecting though.

Multiple users you don't trust?
Nosey roommates?

No big deal, just curious [runs off to change password]

Woof, Woof - Dawg
Paranoia I guess... ;) It's a habit I've been in for years and it goes back to my PC days. No nosey room-mates, wife isn't that nosey, no multiple users... just my paranoid self.

Having done a little more digging, it seems there are only 2 options to use with the passwd command in terminal on OSX:

-i
-l

On other UNIX machines it seems you have access to more options. These would be handy for what I want to do:

-n
-w
-x

Trying these options on OSX invites me to change the password for user "-n" for example. So, I guess I'm screwed unless anyone knows of a hack???
 

semaja2

macrumors 6502a
Dec 12, 2005
575
0
Adelaide
Schedule a cron job or something to make it reset on next login :S or just remind you :S i know its easier in linux but must be a way in osx
 

antibact1

macrumors 6502
Jun 1, 2006
334
0
Having a time based password change requirement is a terrible way to ensure security. As users will be forced to remember a password that is continually changing, they will likely pick passwords that are trivial and easy to remember, as opposed to one password that is strong, yet difficult to remember. Even with an established complexity requirement, such as having letters and numbers present, a user is just as likely to set something like "password1" just so they can remember it.
 

MacDawg

macrumors Core
Mar 20, 2004
19,709
4,278
"Between the Hedges"
Having a time based password change requirement is a terrible way to ensure security. As users will be forced to remember a password that is continually changing, they will likely pick passwords that are trivial and easy to remember, as opposed to one password that is strong, yet difficult to remember. Even with an established complexity requirement, such as having letters and numbers present, a user is just as likely to set something like "password1" just so they can remember it.
You are absolutely right, and that has been my experience at work. In addition, there are those who will then write out all of their passwords and rotate them because they cannot repeat the last 6, 10, etc. So, there is list in the drawer or sitting next to the computer.

Defeats the whole purpose.

Woof, Woof - Dawg
 

HawaiiMacAddict

macrumors 6502a
Dec 28, 2006
905
0
On one of my Macs of course
Aloha,

Here's a question. Does Mac OS X Server have the same password options as Active Directory? As far as account passwords go, the only time I've been "forced" to change on a give time interval was when my computer was part of an office network, whether that be on UNIX or Windows. I've never been fortunate enough to be part of a Mac-only network, so I don't know if the same options exist, but in Active Directory you can set the minimum password age, numbers of passwords remembered, and also force complexity. Note that Microsoft's definition of complexity is only three of the following (having all four would be best):

1. Upper-case characters
2. Lower-case characters
3. Numbers
4. Special characters

HawaiiMacAddict
 

djinn

macrumors 68000
Oct 4, 2003
1,664
106
Can't you just go into the terminal and change the expiration with "sudo chpass username" ?
 

phalewhale

macrumors 6502a
Original poster
Jun 10, 2007
666
0
Terrible???

Having a time based password change requirement is a terrible way to ensure security. As users will be forced to remember a password that is continually changing, they will likely pick passwords that are trivial and easy to remember, as opposed to one password that is strong, yet difficult to remember. Even with an established complexity requirement, such as having letters and numbers present, a user is just as likely to set something like "password1" just so they can remember it.
You are absolutely right, and that has been my experience at work. In addition, there are those who will then write out all of their passwords and rotate them because they cannot repeat the last 6, 10, etc. So, there is list in the drawer or sitting next to the computer.

Defeats the whole purpose.
Guys, I agree that password aging alone should not be relied upon for good security. But, combined with other good security practice, password aging increases system security. FACT! If someone is conscious of security they are hardly likely to use something stupid like "password1", or it's equivalent to secure their system(s).

I appreciate that there are a lot of folk out there who never change their password, use short passwords, easy to guess passwords, the same password for multiple systems, no password, etc, etc. But to be honest, if someone is dim enough to be this way inclined, then frankly they deserve all they get.

Anyway, back to the original topic... Still haven't found out how this can be done in OS X. But thanks to semaja2 for an idea... Will post back to let you know how I get on...