Wednesday, July 28, 2021

Password expiration and vacation planning

Ready for vacation: Passwords
The months of July and August are typical vacation times. Many people work with (at least mental) packing list to prepare for some time off. On my list are passwords. I can relax knowing that no password will expire when I am away. The reason is that for some systems it is a big hassle to reset expired password or accounts. Thus, I prepare accounts for vacation.

Password Managers

Before the wide use of password managers it required some effort to remember passwords. Still, I don't have all passwords in a password manager - for different reasons. For the passwords I remember on my own I usually try to change them some days ahead of being away. That's because I want to have gotten used to typing them - muscle memory as some help after vacation.

What's great is that some accounts can be unlocked in a passwordless way: No passwords to remember.

Linux password age

On my Linux systems I can check the password expiration using chage:

chage -l henrik

Last password change                             : May 22, 2021
Password expires                                 : Aug 20, 2021
Password inactive                                : never
Account expires                                  : never
Minimum number of days between password change   : 1
Maximum number of days between password change   : 90
Number of days of warning before password expires: 14

The above shows when the password was changed the last time and when it will expire. Did you know that you could cheat by using chage?

chage -d 2021-05-30

The above command would change the day of the last password change to May 30th, thus implicitly moving the date for password expiration to August 28th. If you own the system that could be fine, but it may not fit corporate guidelines.

Summary

Passwords and system logins may not be needed during an offline vacation. But planning ahead and proactively changing passwords might be a great entry on the ToDo list before some time off. Even better if you have some passwordless system logins because FIDO / FIDO2 security keys do not expire.

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.