Function: New-Password – Creating Passwords with PowerShell
Description
When creating new accounts, an admin needs to assign a password. We often then check the box to force a user to change their password when they logon for the first time. Some organizations will use a ‘default’ password for all new accounts. That’s fraught with security implications, and I’ve never recommended it. The downside is that you, as an admin, need to think up a password for each new account. I know how it is – you look around at things on your desk, items on the wall, looking for ideas. Then you have to make sure your super password meets your organizations password requirements, including length and complexity. Well, no more!
Enter New-Password. This function takes one simple input – length. It then spits out a password of said length, using upper and lower case letters, numbers, and punctuation, as well as a phonetic version. If you choose not to use some of the punctuation characters, feel free to just put a ‘#’ in front of that particular line.
function New-Password {
<#
.SYNOPSIS
Displays a complex password.
.DESCRIPTION
Displays a complex password. Output includes password, and phonetic breakdown of the password.
.NOTES
Version : 1.3
Wish List :
Rights Required : No special rights required
: If script is not signed, ExecutionPolicy of RemoteSigned (recommended) or Unrestricted (not recommended)
: If script is signed, ExecutionPolicy of AllSigned (recommended), RemoteSigned,
or Unrestricted (not recommended)
Sched Task Required : No
Lync/Skype4B Version : N/A
Author/Copyright : © Pat Richard, Skype for Business MVP - All Rights Reserved
Email/Blog/Twitter : pat@innervation.com https://www.ucunleashed.com @patrichard
Dedicated Post : https://www.ucunleashed.com/915
Disclaimer : You running this script means you won't blame me if this breaks your stuff. This script is
provided AS IS without warranty of any kind. I disclaim all implied warranties including,
without limitation, any implied warranties of merchantability or of fitness for a particular
purpose. The entire risk arising out of the use or performance of the sample scripts and
documentation remains with you. In no event shall I be liable for any damages whatsoever
(including, without limitation, damages for loss of business profits, business interruption,
loss of business information, or other pecuniary loss) arising out of the use of or inability
to use the script or documentation.
Acknowledgements :
Assumptions : ExecutionPolicy of AllSigned (recommended), RemoteSigned or Unrestricted (not recommended)
Limitations :
Known issues : None yet, but I'm sure you'll find some!
.LINK
Function: New-Password – Creating Passwords with PowerShell
.EXAMPLE
New-Password -Length <integer>
Description
-----------
Creates a password of the defined length
.EXAMPLE
New-Password -Length <integer> -ExcludeSymbols
Description
-----------
Creates a password of the defined length, but does not utilize the following characters: !$%^-_:;{}<># &@]~
.INPUTS
This function does support pipeline input.
#>
#Requires -Version 3.0
[CmdletBinding(SupportsShouldProcess = $true)]
param(
#Defines the length of the desired password
[Parameter(ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
[ValidateNotNullOrEmpty()]
[ValidatePattern("[0-9]")]
[int] $Length = 12,
#When specified, only uses alphanumeric characters for the password
[Parameter(ValueFromPipeline = $False, ValueFromPipelineByPropertyName = $True)]
[switch] $ExcludeSymbols
)
PROCESS {
$pw = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
if (!$ExcludeSymbols) {
$pw += "!$%^-_:;{}<># &@]~"
}
$password = -join ([Char[]]$pw | Get-Random -count $length)
Write-Output "`nPassword: $password`n"
ForEach ($character in [char[]]"$password"){
[string]$ThisLetter = $character
switch ($ThisLetter) {
a {$ThisWord = "alpha"}
b {$ThisWord = "bravo"}
c {$ThisWord = "charlie"}
d {$ThisWord = "delta"}
e {$ThisWord = "echo"}
f {$ThisWord = "foxtrot"}
g {$ThisWord = "golf"}
h {$ThisWord = "hotel"}
i {$ThisWord = "india"}
j {$ThisWord = "juliett"}
k {$ThisWord = "kilo"}
l {$ThisWord = "lima"}
m {$ThisWord = "mike"}
n {$ThisWord = "november"}
o {$ThisWord = "oscar"}
p {$ThisWord = "papa"}
q {$ThisWord = "quebec"}
r {$ThisWord = "romeo"}
s {$ThisWord = "sierra"}
t {$ThisWord = "tango"}
u {$ThisWord = "uniform"}
v {$ThisWord = "victor"}
w {$ThisWord = "whiskey"}
x {$ThisWord = "xray"}
y {$ThisWord = "yankee"}
z {$ThisWord = "zulu"}
1 {$ThisWord = "one"}
2 {$ThisWord = "two"}
3 {$ThisWord = "three"}
4 {$ThisWord = "four"}
5 {$ThisWord = "five"}
6 {$ThisWord = "six"}
7 {$ThisWord = "seven"}
8 {$ThisWord = "eight"}
9 {$ThisWord = "nine"}
0 {$ThisWord = "zero"}
! {$ThisWord = "exclamation"}
$ {$ThisWord = "dollar"}
% {$ThisWord = "percent"}
^ {$ThisWord = "carat"}
- {$ThisWord = "hyphen"}
_ {$ThisWord = "underscore"}
: {$ThisWord = "colon"}
`; {$ThisWord = "semicolon"}
`{ {$ThisWord = "left-brace"}
`} {$ThisWord = "right-brace"}
`/ {$ThisWord = "backslash"}
`< {$ThisWord = "less-than"}
`> {$ThisWord = "greater-than"}
`# {$ThisWord = "pound"}
`& {$ThisWord = "ampersand"}
`@ {$ThisWord = "at"}
`] {$ThisWord = "right-bracket"}
`~ {$ThisWord = "tilde"}
default {$ThisWord = "space"}
}
if ($ThisLetter -cmatch $ThisLetter.ToUpper()){
$ThisWord = $ThisWord.ToUpper()
}
$phonetic = $phonetic+" " +$ThisWord
}
$phonetic = $phonetic.trim()
Write-Output "Phonetic: $phonetic"
"Password: $password`nPhonetic: $phonetic" | clip
Write-Output "`n`nThis information has been sent to the clipboard"
}
END{
Remove-Variable ThisWord
Remove-Variable ThisLetter
Remove-Variable Password
Remove-Variable Phonetic
Remove-Variable Pw
}
} # end function New-Password
Now, stick that function in your PowerShell profile. Each time you need a new password, use
New-Password -Length [number]
such as
New-Password -Length 12
And you now have a password to use.
You can also specify -ExcludeSymbols to return only an alphanumeric password, bypassing the added complexity of using non-alphanumeric symbols.
New-Password -Length 12 -ExcludeSymbols
Donations
I’ve never been one to really solicit donations for my work. My offerings are created because *I* need to solve a problem, and once I do, it makes sense to offer the results of my work to the public. I mean, let’s face it: I can’t be the only one with that particular issue, right? Quite often, to my surprise, I’m asked why I don’t have a “donate” button so people can donate a few bucks. I’ve never really put much thought into it. But those inquiries are coming more often now, so I’m yielding to them. If you’d like to donate, you can send a few bucks via PayPal at https://www.paypal.me/PatRichard. Money collected from that will go to the costs of my website (hosting and domain names), as well as to my home lab.
It’s a nice function to have on hand. I notice it won’t repeat the same character twice. Can you confirm my finding and how would you address it if we want to allow some repeating character in a password.
I hadn’t noticed the non-repeating characters. I’ll take a look.