On a linux system you can see (and change) the user password expiry information with the command chage. That command is not available on macOS. It seems the replacement is pwpolicy, but I can't get it to work. I've tried various ways like pwpolicy -getglobalpolicy or pwpolicy -u username -getaccountpolicies but nothing is returning useful information. I have tried it with and without sudo.
Try
dscl . -read $HOME | /usr/bin/grep -C2 passwordLastSetTime
to get when the password was last set (some parsing of output will be needed)
<key>passwordLastSetTime</key>
<real>1616603182.8288069</real>
Try
pwpolicy -getglobalpolicy | grep -C2 policyAttributeExpiresEveryNDays
to get password policyAttributeExpiresEveryNDays
<key>policyAttributeExpiresEveryNDays</key>
<integer>90</integer>
Then do the math. Not fun, as you may have to work in seconds and days.
Unless you set them up, there is likely not a password expiry date since the default is to never expire.
i’m pretty sure you set those up through profiles made with Apple‘s mobile device management (MDM) tools, but you can do it with https://support.addigy.com/support/solutions/articles/8000051423-applying-a-password-policy-to-macos-devices-using-a-script
This basically solved my problem. Here is an ugly line to get the passwordLastSetTime and translate it to a date:
date -r `dscl . -read $HOME | /usr/bin/grep -A1 passwordLastSetTime | grep -o -E '[0-9]+' | head -n 1`
In my corporate environment, pwpolicy -getglobalpolicy doesn't work for me, but the following line does:
pwpolicy getaccountpolicies | grep -A1 \>policyAttributeExpiresEveryNDays
So, a little bit more date calculation and I can figure out when the password will expire.
Thank you!
I just tried the following (without "sudo") on macOS Catalina and it returned the information:
pwpolicy -u test --get-effective-policy
and it returned:
isDisabled=false newPasswordRequired=false
The "man" page for "pwpolicy" does mention these older style options are deprecated and you are supposed to use the "Account Policies" options of the "pwpolicy" command. I did not attempt to test using the command line to modify the settings as I don't want to break anything on my Mac.
Is this your own personal Mac or is it being managed by a school or business that may restrict access to some of these items?
I did find this thread which also mentions these things:
https://apple.stackexchange.com/questions/287217/how-to-force-the-mac-to-not-expire-passwords
Floating point time to understandable time in the Terminal:
ruby -e 'puts Time.at(1616603182.8288069).asctime;'
Wed Mar 24 12:26:22 2021
ruby -e 'puts Time.at(1616603182.8288069).localtime;'
2021-03-24 12:26:22 -0400
ruby -e 'puts Time.at(1616603182.8288069).strftime("%FT%X")'
2021-03-24T12:26:22
Finding the user password expiration date