passwd — Change a user account password — set, expire, lock, or unlock across all 5 shells
Equivalents in every shell
passwdWithout arguments, changes the calling user's OWN password (prompts for the old one). Root can run `passwd <user>` to set ANY account's password without knowing the old value — this asymmetry is the entire reason `passwd` is setuid. Hashed credentials live in `/etc/shadow`.
passwdSame external binary. macOS uses an Open Directory backend, so `passwd` calls `dscl` under the hood — `sudo dscl . -passwd /Users/alice newpass` is the non-interactive scripted equivalent. FileVault tracks a separate password sync; out-of-band changes may need `fdesetup changepassword`.
passwdSame external `passwd(1)`. Fish has no shell-builtin equivalent. Provisioning scripts should call the binary explicitly (`/usr/bin/passwd`) rather than assume any shell exposes a `passwd` builtin.
Set-LocalUser -Name alice -Password (Read-Host -AsSecureString)Manages LOCAL Windows accounts (`Microsoft.PowerShell.LocalAccounts` ships with PowerShell 5.1+). For Active Directory accounts install RSAT and use `Set-ADAccountPassword -Identity alice -Reset -NewPassword (ConvertTo-SecureString 'newpass' -AsPlainText -Force)`. Passwords are `[SecureString]` — never plain strings — by design.
net user alice *`net user <name> *` prompts for a new password without echo. Unattended: `net user alice newPass1`. Operates on LOCAL accounts only — domain accounts need `dsmod user` or PowerShell `Set-ADAccountPassword`. `/logonpasswordchg:yes` forces a change at next login.
Worked examples
Change your own password (interactive)
passwdSet-LocalUser -Name $env:USERNAME -Password (Read-Host "New password" -AsSecureString)net user %USERNAME% *Force a user to change their password at next login
sudo passwd --expire alicenet user alice /logonpasswordchg:yesnet user alice /logonpasswordchg:yesLock (disable) an account without deleting it
sudo passwd --lock aliceDisable-LocalUser -Name alicenet user alice /active:noGotchas
- `passwd <other-user>` is allowed only if you are ROOT (sudo). The instinct that the prompt asks for the TARGET account's current password is wrong — root sets it WITHOUT knowing the old value. This asymmetry is the entire security premise behind `passwd` being setuid root.
- macOS does not expose `/etc/shadow`; `passwd` is a thin wrapper around the Open Directory `dscl` plumbing. For non-interactive provisioning use `sudo dscl . -passwd /Users/alice newpass` — the user must already exist. FileVault keeps a separate password sync that may need `fdesetup` after a change.
- PowerShell `Set-LocalUser` only manages LOCAL Windows accounts. Domain admins use `Set-ADAccountPassword` from RSAT; this cmdlet is missing on non-admin / Home editions. The `ConvertTo-SecureString -AsPlainText -Force` escape hatch leaves the password in process memory — fine for ad-hoc scripts, not for shared production runners.
- `passwd -e` (Linux: `passwd --expire`) flags the account so the user MUST set a new password at next login. PAM may further refuse `su` to that account until the change happens — surprising in automation. Don't use `passwd -e` as an account lock (that's `passwd -l`); the semantics differ.
- `net user alice newPass1 /domain` only works on domain-joined Windows machines and contacts a DC; on a workgroup machine it errors `The user name could not be found`. PowerShell `Set-LocalUser` always targets the LOCAL SAM, so it doesn't surprise you with a domain lookup — use it for explicit local-only intent.