Post

Messkit Series: New-MKPassword

Posted
By Clem Messerli
4 min read
Messkit Series: New-MKPassword

Introduction

In today’s digital landscape, creating strong, unique passwords is more critical than ever. While there are many password managers and online generators available, having the ability to generate secure passwords directly from your PowerShell console can be incredibly useful for system administrators, developers, and security-conscious users.

Today, we’ll explore the New-MKPassword function—a powerful PowerShell tool that generates customizable, secure passwords with various complexity options. Whether you’re a PowerShell beginner or looking to enhance your security toolkit, this guide will walk you through everything you need to know.

What is New-MKPassword?

New-MKPassword is a PowerShell function designed to generate pseudo-random passwords with customizable complexity requirements. Unlike simple password generators, this function gives you granular control over:

  • Password length
  • Number of uppercase letters
  • Number of lowercase letters
  • Number of numeric characters
  • Number of special characters

Why Use PowerShell for Password Generation?

  • Security: Generated locally on your machine without transmitting data over the internet
  • Customization: Fine-tune password requirements to meet specific organizational policies
  • Integration: Easily incorporate into scripts and automation workflows
  • Transparency: Open-source code you can review and modify

Getting Started: Basic Usage

Let’s start with the simplest use case—generating a strong password with default settings:

1
2

# Generate a strong password (24-32 characters)
New-MKPassword

This command creates a password with:

  • Random length between 24-32 characters
  • Mix of uppercase letters, lowercase letters, numbers, and special characters
  • Balanced distribution of character types

Pro Tip: Pipe the output to your clipboard for easy use:

1

New-MKPassword | Set-Clipboard

Understanding the Parameters

Password Length (-PwdLength)

Controls the total length of your password:

1
2

# Generate a 16-character password
New-MKPassword -PwdLength 16

Character Type Controls

Fine-tune the composition of your password:

  • -LCCount: Minimum lowercase letters
  • -UCCount: Minimum uppercase letters
  • -NumCount: Minimum numeric characters
  • -SymCount: Minimum special characters

Real-World Usage Scenarios

Scenario 1: Corporate Password Policy Compliance

Your organization requires passwords with specific character requirements:

1
2

# Password must be 12 characters with at least 2 uppercase, 2 lowercase, 2 numbers, and 1 symbol
New-MKPassword -PwdLength 12 -UCCount 2 -LCCount 2 -NumCount 2 -SymCount 1

Scenario 2: Numeric-Only PIN Generation

Create a numeric PIN for systems that don’t support special characters:

1
2

# Generate a 6-digit PIN
New-MKPassword -PwdLength 6 -NumCount 6

Scenario 3: No Special Characters Allowed

Some legacy systems don’t handle special characters well:

1
2

# 15-character password without special characters
New-MKPassword -PwdLength 15 -SymCount 0

Scenario 4: Maximum Security Password

For highly sensitive accounts:

1
2

# 32-character password with guaranteed character diversity
New-MKPassword -PwdLength 32 -UCCount 8 -LCCount 8 -NumCount 8 -SymCount 8

Advanced Features and Integration

Combining with Other PowerShell Cmdlets

The function works seamlessly with other PowerShell tools:

1
2
3
4
5
6
7
8

# Generate multiple passwords
1..5 | ForEach-Object { New-MKPassword -PwdLength 20 }

# Generate and save passwords to a file
New-MKPassword | Out-File -FilePath "temp_password.txt"

# Use verbose output for debugging
New-MKPassword -PwdLength 12 -Verbose

Integration with Audio Output

The function documentation mentions integration with Get-MKPhonetic for audio representation:

1
2

# Generate password with NATO phonetic audio output
New-MKPassword | Get-MKPhonetic -output audio

Understanding the Algorithm

The New-MKPassword function uses several intelligent mechanisms:

  1. Validation: Ensures character count requirements don’t exceed total password length
  2. Distribution: Automatically distributes remaining characters among specified types
  3. Randomization: Uses PowerShell’s Get-Random cmdlet for randomizing the character sets
  4. Shuffling: Final password characters are randomly shuffled to prevent predictable patterns

Best Practices and Security Considerations

Password Storage

  • Never store generated passwords in plain text files
  • Use a reputable password manager
  • Consider encrypting password files if temporary storage is necessary

Character Sets

The function uses these character sets:

  • Lowercase: a-z (26 characters)
  • Uppercase: A-Z (26 characters)
  • Numeric: 0-9 (10 characters)
  • Special: ~!@$^*()-_=+[]{}:,. (18 characters)

Entropy Considerations

Longer passwords with diverse character types provide better security:

  • 12 characters (mixed): ~72 bits of entropy
  • 16 characters (mixed): ~95 bits of entropy
  • 24 characters (mixed): ~143 bits of entropy

Troubleshooting Common Issues

Error: “Sum of counts exceeds password length”

This occurs when your character requirements exceed the total password length:

1
2
3
4
5

# This will fail
New-MKPassword -PwdLength 8 -UCCount 5 -LCCount 5 -NumCount 5 -SymCount 5

# Solution: Reduce counts or increase length
New-MKPassword -PwdLength 20 -UCCount 5 -LCCount 5 -NumCount 5 -SymCount 5

Getting Predictable Results

If you notice patterns, ensure you’re not constraining the function too heavily. Allow for some randomization in character distribution.

Conclusion

The New-MKPassword function is a versatile tool that brings enterprise-grade password generation capabilities to your PowerShell environment. Whether you’re generating passwords for personal use, automating user account creation, or ensuring compliance with organizational security policies, this function provides the flexibility and security you need.

Remember: strong passwords are just one component of good security hygiene. Combine generated passwords with multi-factor authentication, regular password rotation, and secure storage practices for comprehensive security.

Next Steps

  • Try generating passwords with different parameter combinations
  • Integrate the function into your existing PowerShell scripts
  • Explore combining it with other security-focused PowerShell modules
  • Consider creating wrapper functions for your organization’s specific password policies

This post is part of my PowerShell MessKit module series. Stay tuned for more articles as I help to break down some of the various functions included in this module.

PowerShell, Cybersecurity
messkit scripting automation security password
This post is licensed under CC BY 4.0 by the author.