I get tired of thinking up unique and strong passwords.
So anymore, for the most part, I don’t do it.
I will use random generated passwords, then save them into an Azure KeyVault.
It is a good way to use strong passwords that are practically impossible to remember but then keep them usable and within reach.
I’m also a big fan of randomly generating a password for service accounts.
By using PowerShell to create the service accounts, it’s even better because I never even know the passwords of the service accounts. I can have PowerShell:
- generate a random password
- save the password to the Key Vault, then
- use that password for the service accounts.
It works like a dream!!!
But how do I generate the passwords?
It’s so simple that you’ll never use a homegrown, one-character-at-a-time randomizer again.
Hey…
This article was written before PowerShell Core came along and took away the [System.Web.Security.Membership] class.
This article still works if you’re on Windows PowerShell (through version 5) but if you’re on later PowerShell versions (like you should be)…
Here’s how to Make a Random Password in PowerShell 7
I use the built in .Net Framework GeneratePassword() method.
# GeneratePassword can be called as a static method
# You don't need to instantiate the class first. It works just fine like this:
[System.Web.Security.Membership]::GeneratePassword(24,5)
# It just takes two arguments: "How long is the password" and "How many special characters"?
The generated password is a string, and that's find for reading but not useful for creating a credential object. So you'll usually need to convert the password into a SecureString.
# Same as above, just a different password length and complexity
$PW = [System.Web.Security.Membership]::GeneratePassword(30,10)
# The password as it is now:
$PW
# Converted to SecureString
$SecurePass = $PW | ConvertTo-SecureString -AsPlainText -Force
# The SecureString object
$SecurePass
So that’s all there is to it! If you’ve got questions or comments, I’d love to hear them.
How did this work for you and what else have you tried?