Mastodon

How to Generate a Random Password with PowerShell

March 5th, 2026

Generating random passwords is an essential part of maintaining system security. PowerShell provides several ways to create strong, random passwords programmatically.

Method 1: Using .NET Crypto Classes

The most straightforward approach uses .NET’s cryptographic classes:

# Generate a 12-character random password
Add-Type -AssemblyName System.Web
$password = [System.Web.Security.Membership]::GeneratePassword(12, 2)

Write-Host "Generated password: $password"

Method 2: Using SecureString and Random Number Generation

For more control over the password generation process:

# Function to generate random password
function Generate-RandomPassword {
    param(
        [int]$Length = 12,
        [bool]$IncludeSpecialChars = $true
    )

    $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
    if ($IncludeSpecialChars) {
        $chars += '!@#$%^&*()_+-=[]{}|;:,.<>?'
    }

    $password = ''
    $random = New-Object System.Random

    for ($i = 0; $i -lt $Length; $i++) {
        $index = $random.Next(0, $chars.Length)
        $password += $chars[$index]
    }

    return $password
}

# Generate a 16-character password with special characters
$password = Generate-RandomPassword -Length 16 -IncludeSpecialChars $true
Write-Host "Generated password: $password"

Method 3: Using .NET Core/5+ SecureRandom

For newer versions of PowerShell:

# Generate a cryptographically secure random password
Add-Type -AssemblyName System.Security

# Create a random byte array
$bytes = New-Object byte[] 32
[Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)

# Convert to base64 string (you can customize this further)
$password = [System.Convert]::ToBase64String($bytes) -replace '[^a-zA-Z0-9]', ''

Write-Host "Generated password: $password"

Best Practices

When generating passwords:

  1. Use sufficient length: At least 12 characters for most purposes
  2. Include variety: Mix of uppercase, lowercase, numbers, and special characters
  3. Avoid dictionary words: Ensure randomness to prevent prediction
  4. Store securely: Never log or display passwords in plain text in production

Security Considerations

  • Avoid using Get-Random for security purposes as it’s not cryptographically secure
  • Ensure your system has proper entropy sources for randomness
  • Consider the password requirements of the target systems when generating passwords

Conclusion

PowerShell provides multiple methods for generating secure random passwords. Choose the method that best fits your security requirements and PowerShell version. The .NET approach is generally recommended for its built-in cryptographic support.

Remember to always test password generation in a safe environment before deploying in production systems.