Harry R. Schwartz

Software engineer, nominal scientist, gentleman of the internet.


Detecting Old Passwords with pass

Published 26 May 2016. Tags: beards, security.

It’s good practice to change your passwords periodically. I definitely can’t keep track of the age of my passwords manually, so I wrote a short shell script to identify passwords that haven’t been changed in the last six months:

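#!/usr/bin/env bash

password_store="$HOME/.password-store"
password_refresh_age=180  # days

# find already recurses; -type f keeps directories out of the results and
# -name '*.gpg' limits the list to encrypted password entries.
find "$password_store" -type f -name '*.gpg' -mtime +"$password_refresh_age" |
  sed -e 's|^'"$password_store"'/||'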

I use pass to manage my passwords from the command line. It’s just a shell script that wraps around gpg, git, pwgen, and tree. Pass stores each password in a GPG-encrypted file in the ~/.password-store directory.

Each of those files has a modification time associated with it. This script searches recursively through my .password-store, identifies all the files that haven’t been changed in the last 180 days, strips off some unnecessary directory info, and prints ‘em out. Handy!
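
Modification times are reset when a store is cloned or checked out with git, so on a freshly cloned store the mtime check reports nothing as old. The following is an added example, not code from the original post, that ages entries by their last git commit instead. It assumes the store is a git repository in which every password change is committed; the function names and the sample store are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: age pass entries by last git commit rather than file mtime.
# Assumption: the store is a git repo where each password change is committed.

# stale_entries STORE DAYS [NOW_EPOCH]: print entries last committed > DAYS ago
stale_entries() {
  local store="$1" days="$2" now="${3:-$(date +%s)}" file last cutoff
  cutoff=$(( now - days * 86400 ))
  git -C "$store" -c core.quotePath=false ls-files -- '*.gpg' |
    while IFS= read -r file; do
      # %ct: committer time (epoch seconds) of the newest commit touching file
      last=$(git -C "$store" log -1 --format=%ct -- "$file")
      if [ -n "$last" ] && [ "$last" -lt "$cutoff" ]; then
        printf '%s\n' "${file%.gpg}"
      fi
    done
}

# --- Constructed sample store (placeholder files, fixed commit timestamps) ---
DEMO_NOW=1464220800   # 2016-05-26 00:00:00 UTC

commit_entry() {      # commit_entry STORE PATH COMMIT_EPOCH (hypothetical helper)
  local store="$1" path="$2" when="$3 +0000"
  mkdir -p "$store/$(dirname "$path")"
  printf 'placeholder, not real ciphertext\n' > "$store/$path"
  git -C "$store" add -- "$path"
  GIT_AUTHOR_DATE="$when" GIT_COMMITTER_DATE="$when" \
    git -C "$store" -c user.name=demo -c user.email=demo@example.invalid \
        -c commit.gpgsign=false commit -q -m "Add $path"
}

make_demo_store() {
  local store
  store=$(mktemp -d) || return 1
  git -C "$store" init -q
  commit_entry "$store" email/old.gpg  $(( DEMO_NOW - 200 * 86400 ))
  commit_entry "$store" bank/fresh.gpg $(( DEMO_NOW - 10 * 86400 ))
  printf '%s\n' "$store"
}

# Both files were written just now, so -mtime sees nothing stale; git does.
demo_store=$(make_demo_store) && stale_entries "$demo_store" 180 "$DEMO_NOW"
```

On a real store, call `stale_entries "$HOME/.password-store" 180` and omit the third argument so the current time is used.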