Password For Mac User

Update May, 2019

Now that there are SecureToken users, the command below no longer works to reset another user's password. Thanks to mario on the MacAdmins Slack for testing.

Acknowledgements

Specifically the Mac users. I've found several ways for users to be notified of an expiring password (scripts+email, adpassmon, etc). The problem is the actual password change. The Windows users can VPN in, hit Ctrl-Alt-Del, change their password and everything is updated and fine. Enter the old password and new password for the user, verify it and click Change Password button. Then the macOS user password would be changed. Remove macOS user account password: Type the old password but let New password box be blank.

Just a cleaned-up version of directions from Mac Script to change Administrator password

Changing a user password via terminal command

If you ever want to—perhaps for scripting purposes?—change a user's password from the command-line (despite what it says in the link above, you don't have to be logged in as the user to change the user's password, but you do have to be logged in as an admin user), these are the commands you'd use:

sudo /usr/bin/dscl . -passwd /Users/usernamenewpassword
sudo security set-keychain-password -o oldpassword -p newpassword /Users/username/Library/Keychains/login.keychain

Substitute in the actual user's username for

Password For User Macbook Air

username, the actual user's old password for oldpassword and the actual user's new password for newpassword User

If you don't know the old password...

If, for some reason, you (and the user both) have forgotten the user's old password and don't want to deal with keychains issues, you can also just delete the existing keychain (instead of running the second command to update the keychain password):

Security issues

One strong caveat is that the terminal, by default, will save commands to ~/.bash_history in plain text, so you're essentially storing a user's password in plain text, unless you temporarily disable bash history or later go into the ~/.bash_history file with a text editor (like nano) and delete the offending lines manually.

If you distribute this as part of a .pkg, nothing will be visible in a .bash_history file, but make sure you keep that .pkg extra secure or delete it after deploying it.

The user account named ”root” is a superuser with read and write privileges to more areas of the system, including files in other macOS user accounts. The root user is disabled by default. If you can log in to your Mac with an administrator account, you can enable the root user, then log in as the root user to complete your task.

Macbook Password Issues

The root user account is not intended for routine use. Its privileges allow changes to files that are required by your Mac. To undo such changes, you might need to reinstall your system software. You should disable the root user after completing your task.

It's safer to use the sudo command in Terminal instead of enabling the root user. To learn about sudo, open the Terminal app and enter man sudo.

Enable or disable the root user

Choose Apple menu () > System Preferences, then click Users & Groups (or Accounts).
Click , then enter an administrator name and password.
Click Login Options.
Click Join (or Edit).
Click Open Directory Utility.
Click in the Directory Utility window, then enter an administrator name and password.
From the menu bar in Directory Utility:
- Choose Edit > Enable Root User, then enter the password that you want to use for the root user.
- Or choose Edit > Disable Root User.

Log in as the root user