Unlock Random Password Generation with PowerShell

Published:20 June 2019 - 2 min. read

Azure Cloud Labs: these FREE, on‑demand Azure Cloud Labs will get you into a real‑world environment and account, walking you through step‑by‑step how to best protect, secure, and recover Azure data.

It’s important to keep passwords long and not easily guessed. You might know how to create a secure password but wouldn’t it be nice to have a little script to do it for you? Lucky for you, if you’re on Windows, you can build a random password generator with PowerShell that will generate various lengths and complexity!

Not a reader? Watch this related video tutorial!
Not seeing the video? Make sure your ad blocker is disabled.

Instead of building your own random password generator, instead just use an existing method that Microsoft already provides called the GeneratePassword() .NET method. This method comes with the System.Web.Security.Membership class and will do everything you need.

Building the Script

To build this simple script, you’ll first need to make the System.Web assembly available. The System.Web.Security.Membership class is part of this assembly and it is not available by default.

Add-Type -AssemblyName 'System.Web'

Once the System.Web assembly is available, you can now invoke the GeneratePassword() method.

The GeneratePassword() method has two arguments; length and numberOfNonAlphanumericCharacters. Using these two arguments allows you to create all kinds of random passwords with PowerShell.

  • Length – This is the length of characters the password will be.
  • numberOfNonAlphanumericCharacters – This is the number of non-alphanumeric characters that the method will generate. Think characters such as @,%,&, etc.

First, define the length of password you’d like to have. The below example is setting a variable of 10 which you’ll pass to the method.

$length = 10

Next, define the number of non-alphanumeric characters you’d like to include in the password. The below code snippet sets a variable 5 which you’ll provide to the method to ensure five non-alpha characters are in the password.

$nonAlphaChars = 5

Next is when you will call the GeneratePassword() method passing in the values of both of the variables defined above.

[System.Web.Security.Membership]::GeneratePassword($length, $nonAlphaChars)

When you execute the above code snippet, PowerShell will return a random assortment of characters in a string which you can then use wherever you’d like.

Building Random Password Length

You can even get a bit more random and make the password lengths random as well. Use the Get-Random cmdlet to come up with a random integer which you can then use as the length argument generating a random length password also!

$minLength = 5 ## characters
$maxLength = 10 ## characters
$length = Get-Random -Minimum $minLength -Maximum $maxLength
$nonAlphaChars = 5
$password = [System.Web.Security.Membership]::GeneratePassword($length, $nonAlphaChars)

If you’ll be using this password in PowerShell, many components require a secure string. Once you have the password as a plain-text string, you can then convert it to a secure string using the ConvertTo-SecureString cmdlet.

$secPw = ConvertTo-SecureString -String $password -AsPlainText -Force

Building a PowerShell Function

Finally, take this random password generator to the next level by creating a function you can use wherever you want without having to remember all of the syntaxes explained above.

function New-RandomPassword {
    param(
        [Parameter()]
        [int]$MinimumPasswordLength = 5,
        [Parameter()]
        [int]$MaximumPasswordLength = 10,
        [Parameter()]
        [int]$NumberOfAlphaNumericCharacters = 5,
        [Parameter()]
        [switch]$ConvertToSecureString
    )
    
    Add-Type -AssemblyName 'System.Web'
    $length = Get-Random -Minimum $MinimumPasswordLength -Maximum $MaximumPasswordLength
    $password = [System.Web.Security.Membership]::GeneratePassword($length,$NumberOfAlphaNumericCharacters)
    if ($ConvertToSecureString.IsPresent) {
        ConvertTo-SecureString -String $password -AsPlainText -Force
    } else {
        $password
    }
}

Once you’ve added this function to your profile, a PowerShell module perhaps or just copying/pasting it into your current session, you can execute it easily.

New-RandomPassword -MinimumPasswordLength 10 -MaximumPasswordLength 15 -NumberOfAlphaNumericCharacters 6 -ConvertToSecureString

Hate ads? Want to support the writer? Get many of our tutorials packaged as an ATA Guidebook.

Explore ATA Guidebooks

Looks like you're offline!