You know the use of strong and unique passwords is important. Not-so-secure passwords are easily cracked and we read about account takeovers all the time. In this post I show you a couple of methods of creating more secure passwords and random passwords in Windows. Where possible with PowerShell of course. Save these passwords in a password manager (I recommend Bitwarden or Devolutions Hub) for easy usage.
Generate secure passwords with a PowerShell function
In my GitHub Gist I have a PowerShell function to "easily create a random string (or secure password) using PowerShell" you can use and add to your PowerShell Profile for easy usage. For example:
PS C:\Users\JanR> Get-RandomString 20
F4!jFy"6A50Im$mAmOOzThere is even an SQLCompliant command argument to filter out some characters you cannot use in an SQL Server Login password.
PS C:\Users\JanR> Get-RandomString 20 SQLCompliant
xIhv433dfFo1JcAp4Y2XGenerate 'n' secure passwords at once
If you need to create 10 passwords at once, just use a PowerShell loop:
PS > 1..10 | % { Get-RandomString 20 SQLCompliant }
TTFoxZ87txhnbmIU9q5A
R4vWWvwgfP0qIt4XYu9o
s!f%CdUvlCI$zQrCFqSc
1TPCtleGZwHA0wesEGTg
eETPS96UevEjT6SQkKRP
vrPkAeR7Eb$3yN5zn42o
U#qpiEKi3CzdqM9EtHiG
pBmcscaeYIWl9I3BQqm!
xJu2c4vnef5MD1$XsgtE
$JbHI2i!eUTIlW9jlt4gOr
PS > $numb = 10; for ($i=1; $i -le $numb; $i++) { Get-RandomString 20 SQLCompliant }
PjYqmpDXNaWeuAOcGibl
pl1!d025Lj0z46l8dgGa
d2Yh3rh4Kzw%Op57pHm4
JC6qq8RkWagTa5UJEadG
swOxlUJNUSXHoZ6B#L6P
6cVVuaLi0ik16eM5oBrL
ng9Sk!HhxNzo4sP$u5zX
BiqHekIF46vbibv9vzYk
F1iWL$mVspKDMnU3dtC0
VwMESNmDghHnz!agVshcYou may find the Gist here: https://gist.github.com/Digiover/d74a76efedf1e84ddaf947b7284dfe2a
OpenSSL
If you have OpenSSL installed and available in Windows you can use OpenSSL to generate pseudo-random strings just as you would in Linux.
Install OpenSSL in Windows
To install OpenSSL in Windows all you have to do is use winget (assuming you have an supported Windows version). In an Administrator PowerShell session run:
Search for OpenSSL in the winget repository
PS > winget search openssl
Name Id Version Match Source
-------------------------------------------------------------------
FireDaemon OpenSSL 3 FireDaemon.OpenSSL 3.1.4 Tag: openssl wingetInstall FireDaemon OpenSSL
PS > winget install FireDaemon.OpenSSL
Found FireDaemon OpenSSL 3 [FireDaemon.OpenSSL] Version 3.1.4
This application is licensed to you by its owner.
Microsoft is not responsible for, nor does it grant any licenses to, third-party packages.
Downloading https://download.firedaemon.com/FireDaemon-OpenSSL/FireDaemon-OpenSSL-x64-3.1.4.exe
██████████████████████████████ 11.3 MB / 11.3 MB
Successfully verified installer hash
Starting package install...
Successfully installedUse OpenSSL to create secure passwords
Now you have OpenSSL installed you can start using it to create your passwords. Either in hexadecimal or base64 format for example:
PS C:\Users\JanR> & 'C:\Program Files\FireDaemon OpenSSL 3\bin\openssl.exe' rand -hex 8
23a6a5c9616fbda4
PS C:\Users\JanR> & 'C:\Program Files\FireDaemon OpenSSL 3\bin\openssl.exe' rand -base64 8
ygV7WYQ84VA=You can use the number of bytes argument (8) to increase the length:
PS C:\Users\JanR> & 'C:\Program Files\FireDaemon OpenSSL 3\bin\openssl.exe' rand -base64 12
qZdgJkYbK9+OrY8F
PS C:\Users\JanR> & 'C:\Program Files\FireDaemon OpenSSL 3\bin\openssl.exe' rand -hex 12
040aafdce624d82ad1ed11afTip: if you want to read more about OpenSSL in Windows, then see my posts:
GUID (global unique identifier)
A GUID, or a global unique identifier, can make great temporary or service account passwords. They're long, it's a 128-bit text string, and contains hexadecimal characters and can contain separator characters. You can easily generate a GUID in PowerShell to use as a password, for example:
PS > [guid]::NewGuid().Guid
b42b4927-baac-4451-a2ff-5e023bdb2727There are different GUID format types though, you use the parameters "N", "D", "B", "P", or "X" as format.
| Specifier | Format of return value |
|---|---|
N | 32 digits: 00000000000000000000000000000000 |
D | 32 digits separated by hyphens: 00000000-0000-0000-0000-000000000000 |
B | 32 digits separated by hyphens, enclosed in braces: {00000000-0000-0000-0000-000000000000} |
P | 32 digits separated by hyphens, enclosed in parentheses: (00000000-0000-0000-0000-000000000000) |
X | Four hexadecimal values enclosed in braces, where the fourth value is a subset of eight hexadecimal values that is also enclosed in braces: {0x00000000,0x0000,0x0000,{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}} |
Testing them out results in:
PS C:\Users\j_rei> [guid]::NewGuid().ToString("P")
(cf0b9c8f-8a60-4241-8210-3f6d89b6ce74)
PS C:\Users\j_rei> [guid]::NewGuid().ToString("B")
{384edf83-c26a-4ef7-958e-30c7e4f20639}
PS C:\Users\j_rei> [guid]::NewGuid().ToString("D")
08eaad7e-92d3-4939-9c80-9f9235d464ea
PS C:\Users\j_rei> [guid]::NewGuid().ToString("N")
277fc9c0815542e29854bc1f58357182
PS C:\Users\j_rei> [guid]::NewGuid().ToString("X")
{0xecc8830b,0x0783,0x4102,{0xa3,0xdb,0xfb,0x03,0x56,0x11,0x08,0x0e}}Again, these make perfect strong passwords, I use them often for service accounts.
Conclusion generating secure passwords in Windows Server and Windows 11
Whereas creating a secure password was difficult in Windows, you nowadays have the tools at hand to do this properly. Unique passwords keeps you safe(r) online and all those unique passwords are easily and securely stored in a password manager like Bitwarden, Devolutions Hub, 1Password, KeePass. But whatever you do, do not store passwords in your web browser!
Enjoy!
Thank you very much! <3 ❤️
Hi, my name is Jan. I am not a hacker, coder, developer or guru. I am merely an application manager / systems administrator, doing my daily thing at Embrace – The Human Cloud. In the past I worked at CLDIN (CLouDINfra) and Vevida. With over 20 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, websites & optimization. I blog at https://www.saotn.org.
Pingback: Generate pseudo-random passwords with OpenSSL