Terminal command to change a user password on a Mac

Acknowledgements

Just a cleaned-up version of directions from Mac Script to change Administrator password

Changing a user password via terminal command

If you ever want to—perhaps for scripting purposes?—change a user's password from the command-line (despite what it says in the link above, you don't have to be logged in as the user to change the user's password, but you do have to be logged in as an admin user), these are the commands you'd use:

sudo /usr/bin/dscl . -passwd /Users/username newpassword
sudo security set-keychain-password -o oldpassword -p newpassword /Users/username/Library/Keychains/login.keychain
Substitute in the actual user's username for username, the actual user's old password for oldpassword and the actual user's new password for newpassword.

If you don't know the old password...

If, for some reason, you (and the user both) have forgotten the user's old password and don't want to deal with keychains issues, you can also just delete the existing keychain (instead of running the second command to update the keychain password):

sudo rm -r /Users/username/Library/Keychains/*

Security issues

One strong caveat is that the terminal, by default, will save commands to ~/.bash_history in plain text, so you're essentially storing a user's password in plain text, unless you temporarily disable bash history or later go into the ~/.bash_history file with a text editor (like nano) and delete the offending lines manually.

If you distribute this as part of a .pkg, nothing will be visible in a .bash_history file, but make sure you keep that .pkg extra secure or delete it after deploying it.

Leave a Reply

Your email address will not be published. Required fields are marked *