Big Sur - Force Password Change at Next Logon

Information

The macOS is able to be configured to force users to change their password at next logon.

Temporary passwords are often used for new users when accounts are created. However, once logged in to the system, users must be immediately prompted to change to a permanent password of their creation.

For a user to change their password at next logon, run the following command:
[source,bash]
----
/usr/bin/pwpolicy -u [USER] -setpolicy "newPasswordRequired=1"
----
NOTE: Replace [USER] with the username that must change the password at next logon

Solution

The technology inherently meets this requirement. No fix is required.

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5, 800-53|IA-5(1), 800-53|IA-5(1)(f), CCE|CCE-85406-7, CCI|CCI-002041

Plugin: Unix

Control ID: eb3694080c11ecc7e8ad34ed9c47e0311ffacb92f9a3adc71c8bec25c4951fef