Create strong passwords in Windows

Learn how to create strong and unique passwords in Windows using PowerShell, because the use of those is important. Whereas creating a secure password was difficult in Windows, you nowadays have the tools at hand to do this properly. Unique passwords keeps you safe(r) online and all those unique passwords are easily and securely stored in a password manager.
Published on Friday, 29 March 2024
openssl password powershell security windows

You know the use of strong and unique passwords is important. Not-so-secure passwords are easily cracked and we read about account takeovers all the time. In this post I show you a couple of methods of creating more secure passwords and random passwords in Windows. Where possible with PowerShell of course. Save these passwords in a password manager (I recommend Bitwarden or Devolutions Hub) for easy usage.

Generate secure passwords with a PowerShell function

In my GitHub Gist I have a PowerShell function to "easily create a random string (or secure password) using PowerShell" you can use and add to your PowerShell Profile for easy usage. For example:

PS C:\Users\JanR> Get-RandomString 20
F4!jFy"6A50Im$mAmOOz

There is even an SQLCompliant command argument to filter out some characters you cannot use in an SQL Server Login password.

PS C:\Users\JanR> Get-RandomString 20 SQLCompliant
xIhv433dfFo1JcAp4Y2X

Generate 'n' secure passwords at once

If you need to create 10 passwords at once, just use a PowerShell loop:

PS > 1..10 | % { Get-RandomString 20 SQLCompliant }
TTFoxZ87txhnbmIU9q5A
R4vWWvwgfP0qIt4XYu9o
s!f%CdUvlCI$zQrCFqSc
1TPCtleGZwHA0wesEGTg
eETPS96UevEjT6SQkKRP
vrPkAeR7Eb$3yN5zn42o
U#qpiEKi3CzdqM9EtHiG
pBmcscaeYIWl9I3BQqm!
xJu2c4vnef5MD1$XsgtE
$JbHI2i!eUTIlW9jlt4g

Or

PS > $numb = 10; for ($i=1; $i -le $numb; $i++) { Get-RandomString 20 SQLCompliant }
PjYqmpDXNaWeuAOcGibl
pl1!d025Lj0z46l8dgGa
d2Yh3rh4Kzw%Op57pHm4
JC6qq8RkWagTa5UJEadG
swOxlUJNUSXHoZ6B#L6P
6cVVuaLi0ik16eM5oBrL
ng9Sk!HhxNzo4sP$u5zX
BiqHekIF46vbibv9vzYk
F1iWL$mVspKDMnU3dtC0
VwMESNmDghHnz!agVshc

You may find the Gist here:

See https://gist.github.com/Digiover/d74a76efedf1e84ddaf947b7284dfe2a.

OpenSSL

If you have OpenSSL installed and available in Windows you can use OpenSSL to generate pseudo-random strings just as you would in Linux.

Install OpenSSL in Windows

To install OpenSSL in Windows all you have to do is use winget (assuming you have an supported Windows version). In an Administrator PowerShell session run:

Search for OpenSSL in the winget repository

PS > winget search openssl
Name                 Id                 Version Match        Source
-------------------------------------------------------------------
FireDaemon OpenSSL 3 FireDaemon.OpenSSL 3.1.4   Tag: openssl winget

Install FireDaemon OpenSSL

PS > winget install FireDaemon.OpenSSL
Found FireDaemon OpenSSL 3 [FireDaemon.OpenSSL] Version 3.1.4
This application is licensed to you by its owner.
Microsoft is not responsible for, nor does it grant any licenses to, third-party packages.
Downloading https://download.firedaemon.com/FireDaemon-OpenSSL/FireDaemon-OpenSSL-x64-3.1.4.exe
  ██████████████████████████████  11.3 MB / 11.3 MB
Successfully verified installer hash
Starting package install...
Successfully installed

Use OpenSSL to create secure passwords

Now you have OpenSSL installed you can start using it to create your passwords. Either in hexadecimal or base64 format for example:

PS C:\Users\JanR> & 'C:\Program Files\FireDaemon OpenSSL 3\bin\openssl.exe' rand -hex 8
23a6a5c9616fbda4
PS C:\Users\JanR> & 'C:\Program Files\FireDaemon OpenSSL 3\bin\openssl.exe' rand -base64 8
ygV7WYQ84VA=

You can use the number of bytes argument (8) to increase the length:

PS C:\Users\JanR> & 'C:\Program Files\FireDaemon OpenSSL 3\bin\openssl.exe' rand -base64 12
qZdgJkYbK9+OrY8F
PS C:\Users\JanR> & 'C:\Program Files\FireDaemon OpenSSL 3\bin\openssl.exe' rand -hex 12
040aafdce624d82ad1ed11af

Tip: if you want to read more about OpenSSL in Windows, then see my posts:

GUID (global unique identifier)

A GUID, or a global unique identifier, can make great temporary or service account passwords. They're long, it's a 128-bit text string, and contains hexadecimal characters and can contain separator characters. You can easily generate a GUID in PowerShell to use as a password, for example:

PS > [guid]::NewGuid().Guid
b42b4927-baac-4451-a2ff-5e023bdb2727

There are different GUID format types though, you use the parameters "N", "D", "B", "P", or "X" as format.

Specifier Format of return value
N 32 digits: 00000000000000000000000000000000
D 32 digits separated by hyphens: 00000000-0000-0000-0000-000000000000
B 32 digits separated by hyphens, enclosed in braces: {00000000-0000-0000-0000-000000000000}
P 32 digits separated by hyphens, enclosed in parentheses: (00000000-0000-0000-0000-000000000000)
X Four hexadecimal values enclosed in braces, where the fourth value is a subset of eight hexadecimal values that is also enclosed in braces: {0x00000000,0x0000,0x0000,{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}}

Testing them out result in:

PS C:\Users\j_rei> [guid]::NewGuid().ToString("P")
(cf0b9c8f-8a60-4241-8210-3f6d89b6ce74)

PS C:\Users\j_rei> [guid]::NewGuid().ToString("B")
{384edf83-c26a-4ef7-958e-30c7e4f20639}

PS C:\Users\j_rei> [guid]::NewGuid().ToString("D")
08eaad7e-92d3-4939-9c80-9f9235d464ea

PS C:\Users\j_rei> [guid]::NewGuid().ToString("N")
277fc9c0815542e29854bc1f58357182

PS C:\Users\j_rei> [guid]::NewGuid().ToString("X")
{0xecc8830b,0x0783,0x4102,{0xa3,0xdb,0xfb,0x03,0x56,0x11,0x08,0x0e}}

Again, these make perfect strong passwords, I use them often for service accounts.

Conclusion generating secure passwords in Windows Server and Windows 11

Whereas creating a secure password was difficult in Windows, you nowadays have the tools at hand to do this properly. Unique passwords keeps you safe(r) online and all those unique passwords are easily and securely stored in a password manager like Bitwarden, Devolutions Hub, 1Password, or KeePass. But whatever you do, do not store passwords in your web browser!

Enjoy!