Generating Easy and Secure Passwords in PowerShell

Hi Everyone,

So the other day, I found a much easier way to generate secure passwords in PowerShell. Before this, we had to have a list of all the available characters and put them into a CharArray, or ping an internet service like dinopass.com.

Not anymore!

From now on, whenever I need to generate a password in PowerShell, I will be using the

GeneratePassword()

Function from the [System.Web.Security.Membership] namespace. What this allows you to do, is generate a string of a specified length, with a specified amount of alphanumerical characters.

So if I wanted a password that was 10 characters long and had 5 alphanumerical characters, I would use:

[System.Web.Security.Membership]::GeneratePassword(10,5)

I usually just wrap that in a function because I’ve found you need to add the ‘System.Web’ assembly and it’s cleaner to add it in the function rather than the entire script. This is my new function:

function New-RandomPassword(){
    Add-Type -AssemblyName 'System.Web'
    return [System.Web.Security.Membership]::GeneratePassword(10,5)
}

Hope you learnt something from this 🙂

Using DinoPass in PowerShell

This is a nice little trick I learnt whilst automating domain user creation with PowerShell, I found generating passwords in PowerShell was always ugly. Just see the example below from a previous post I’d made:

[string]$initialpassword = ([char[]](Get-Random -input $(47..57 + 65..90 +97..122) -count 8)) + (Get-Random -minimum 0 -maximum 10)

$passwordwithspacesremoved = $initialpassword.Replace(' ','')

$convertedpassword = ConvertTo-SecureString -AsPlainText $passwordwithspacesremoved -Force

This would generate a password like “cDUtxlvM5” which is just about as ugly as the code used to create it.

So I decided to use DinoPass instead since it created better looking passwords without the faff of generating them in PowerShell. This is a the code I used:

Invoke-WebRequest -Uri https://www.dinopass.com/password/strong | Select-Object -ExpandProperty content

Which would give me a much nicer, but still secure, password like “poorJump62”. Then to use it when automating domain user creation, I would use the below and put the whole thing into a variable that I would set the password to:

$super_secure_password = Invoke-WebRequest -Uri https://www.dinopass.com/password/strong | Select-Object -ExpandProperty content | ConvertTo-SecureString -AsPlainText -Force

Enjoy!