Tuesday, June 19, 2012

Generating random passwords with PowerShell, rehash

In the recent password issue with LinkedIn, the ArsTechnica report really makes it evident that passwords alone are not enough.  DarkReading also has a good story on this.

Even passwords believed to be secure were hacked within hours or a day or two.  It is simply an issue of computing power.  Contrast that against what the human brain can memorize in regards to complex passwords. 

I was (and still am) a proponent of pass phrases as you could make a longer password and substitute characters and it was easier to remember.  But alas, it is just a password – and that must be recognized.

It is obvious that two-factor is the real way to go, as Coding Horror elaborated on a while back, and as I implemented after there was an attempt to hack my Facebook account (thank you for login alerts).  You know, it really isn’t that big of an inconvenience or problem.

But, I digress.

So, to blog a bit more about using PowerShell to do useful things – like generating a password string.

You can find all kinds of references to doing this.  Go search and pick your favorite:

http://letmebingthatforyou.com/?q=powershell%20generate%20random%20passwords

From that, I chose two: a quick one-liner, and a more complex script.

From PowerShell.com there are a few Generate Random Password Power Tips.  It is obviously a popular topic.

The first:

function Get-RandomPassword {
    param(
        $length = 10,
        $characters = 'abcdefghkmnprstuvwxyzABCDEFGHKLMNPRSTUVWXYZ123456789!"§$%&/()=?*+#_'
    )
    # select random characters
    $random = 1..$length | ForEach-Object { Get-Random -Maximum $characters.length }
    # output random pwd
    $private:ofs = ""
    [String]$characters[$random]
}

The second:

-join ([Char[]]'abcdefgABCDEFG0123456&%$' | Get-Random -count 20)

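That one is pretty good if you just want to generate a password on the fly within a script.  Note that piping the character array to Get-Random -Count picks characters without replacement, so no character ever repeats and the result can never be longer than the 24-character set.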

The third:

function Get-RandomPassword {
    param(
        $length = 11,
        $characters = 'abcdefghkmnprstuvwxyzABCDEFGHKLMNPRSTUVWXYZ123456789!"§$%&/()=?*+#_'
    )
    # select random characters
    $random = 1..$length | ForEach-Object { Get-Random -Maximum $characters.length }
    # output random pwd
    $private:ofs = ""
    [String]$characters[$random]
}

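function Randomize-Text {
    param(
        $text
    )
    # highest valid index into $text
    $anzahl = $text.length - 1
    # shuffle all indices; -Count must be the full length, otherwise one character is dropped
    $indizes = Get-Random -InputObject (0..$anzahl) -Count $text.length
    $private:ofs = ''
    [String]$text[$indizes]
}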

function Get-ComplexPassword {
    $password = Get-RandomPassword -length 6 -characters 'abcdefghiklmnprstuvwxyz'
    $password += Get-RandomPassword -length 2 -characters '#*+)'
    $password += Get-RandomPassword -length 2 -characters '123456789'
    $password += Get-RandomPassword -length 4 -characters 'ABCDEFGHKLMNPRSTUVWXYZ'
    Randomize-Text $password
}

This last one enforces password policy by guaranteeing a count of specific character types.  Why they left out ‘0’ I don’t know.  Also notice that the calls to Get-RandomPassword in Get-ComplexPassword constrain the special characters that are used / returned.  So if you have a web site that can’t handle special characters, or cannot handle specific ones, you can constrain that here.
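
One way to keep the per-class guarantee of Get-ComplexPassword while drawing every character, and the final shuffle, from the operating system's cryptographic generator, independent of which generator the installed Get-Random uses. This is an added example, not code from PowerShell.com or the scripts above; Get-SecureIndex, Get-SecureComplexPassword and the $Classes parameter are hypothetical names, and it assumes PowerShell 3.0 or later on .NET 4.

```powershell
# Added example: names below are illustrative, not from the original scripts.
function Get-SecureIndex {
    param(
        [System.Security.Cryptography.RandomNumberGenerator]$Rng,
        [int]$Maximum   # exclusive upper bound, must be >= 1
    )
    if ($Maximum -lt 1) { throw 'Maximum must be at least 1' }
    # Rejection sampling: values at or above $limit are discarded so that
    # every index in 0..Maximum-1 is equally likely (no modulo bias).
    $limit = 4294967296 - (4294967296 % $Maximum)
    $bytes = New-Object byte[] 4
    do {
        $Rng.GetBytes($bytes)
        $value = [int64][BitConverter]::ToUInt32($bytes, 0)
    } while ($value -ge $limit)
    [int]($value % $Maximum)
}

function Get-SecureComplexPassword {
    param(
        # (character set, required count) pairs; defaults mirror Get-ComplexPassword
        [object[]]$Classes = @(
            @('abcdefghiklmnprstuvwxyz', 6),
            @('#*+)', 2),
            @('123456789', 2),
            @('ABCDEFGHKLMNPRSTUVWXYZ', 4)
        )
    )
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $chars = New-Object 'System.Collections.Generic.List[char]'
        foreach ($c in $Classes) {
            for ($i = 0; $i -lt $c[1]; $i++) {
                $chars.Add($c[0][(Get-SecureIndex -Rng $rng -Maximum $c[0].Length)])
            }
        }
        # Fisher-Yates shuffle: every character is kept, only the order changes.
        for ($i = $chars.Count - 1; $i -gt 0; $i--) {
            $j = Get-SecureIndex -Rng $rng -Maximum ($i + 1)
            $tmp = $chars[$i]; $chars[$i] = $chars[$j]; $chars[$j] = $tmp
        }
        -join $chars.ToArray()
    }
    finally { $rng.Dispose() }
}
```

Calling Get-SecureComplexPassword with no arguments returns a 14-character string; pass a different -Classes array to match a site's allowed characters or to add '0' to the digit set.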

I also found the blog of Erwin Wendland and his Create-RandomPassword Function for creating strong passwords.  This last one I would call a bit more like C#.
