Harry R. Schwartz

Software engineer, nominal scientist, gentleman of the Internet.

bearded cartoon drawing of the author hacker news gitlab sourcehut pinboard librarything 1B41 8F2C 23DE DD9C 807E A74F 841B 3DAE 25AE 721B


British Columbia






Detecting Old Passwords with pass

Harry R. Schwartz

Published .
Tags: beards, security.

It’s good practice to change your passwords periodically. I definitely can’t keep track of the age of my passwords manually, so I wrote a short shell script to identify passwords that haven’t been changed in the last six months:

#!/usr/bin/env bash


find "$password_store"/** -mtime +$password_refresh_age | sed -e 's|^'"$password_store"'/||'

I use pass to manage my passwords from the command line. It’s just a shell script that wraps around gpg, git, pwgen, and tree. Pass stores each password in a GPG-encrypted file in the ~/.password-store directory.

Each of those files has a modification time associated with it. This script searches recursively though my .password-store, identifies all the files that haven’t been changed in the last 180 days, strips off some unnecessary directory info, and prints ‘em out. Handy!

You might like these textually similar articles: