Last active
August 2, 2019 18:54
-
-
Save CJHarmath/afde4a3ce2159d2f9fbf0bbcfed9d501 to your computer and use it in GitHub Desktop.
Function to test password complexity
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-PasswordComplexity { | |
| <# | |
| .SYNOPSIS | |
| Testing if a given password is complex | |
| .DESCRIPTION | |
| Based on the given SecureString or Credential the function tests if the password used is complex enough. | |
| The complexity is calculated based on the number of character classes use in the password. | |
| The classes are lower case letter, upper case letters, numbers and special characters. | |
| Each class gets a complexity point and the password must include at least 3 classes. | |
| The length requirement defaults to 10, but can be overriden. | |
| Based on http://tompaps.blogspot.com/2018/01/verify-password-complexity-os.html | |
| With a few security enhancements in mind and using advanced function. | |
| .PARAMETER SecurePassword | |
| The password to be tested as a SecureString | |
| .PARAMETER Credential | |
| The credential object which password is going to be tested | |
| .PARAMETER MinPasswordLength | |
| Optional. Defaults to 10. The minimum length requirement for accepted passwords. | |
| .EXAMPLE | |
| $secureString = Read-Host -AsSecureString -Prompt "enter password" | |
| enter password: *********** | |
| > Test-PasswordComplexity -SecurePassword $secureString | |
| > Test-PasswordComplexity -SecurePassword $secureString | |
| IsValid Length Complexity ComplexityScore | |
| ------- ------ ---------- --------------- | |
| True length - OK complex 4 | |
| .EXAMPLE | |
| $secureStringWeak = Read-Host -AsSecureString -Prompt "enter password" | |
| enter password: ****** | |
| > Test-PasswordComplexity -SecurePassword $secureStringWeak | |
| IsValid Length Complexity ComplexityScore | |
| ------- ------ ---------- --------------- | |
| False length < 10 NOT complex 1 | |
| .LINK | |
| http://tompaps.blogspot.com/2018/01/verify-password-complexity-os.html | |
| #> | |
| [CmdletBinding( | |
| DefaultParameterSetName = 'SecurePassword' | |
| )] | |
| [OutputType('PasswordComplexity')] | |
| param ( | |
| [Parameter(Mandatory, ParameterSetName = 'SecurePassword')] | |
| [SecureString] | |
| $SecurePassword, | |
| [Parameter(Mandatory, ParameterSetName = 'Credential')] | |
| [PSCredential] | |
| $Credential, | |
| [Parameter()] | |
| [int] | |
| $MinPasswordLength = 10 | |
| ) | |
| try { | |
| if ($PSCmdlet.ParameterSetName -eq 'SecurePassword') { | |
| $passwordString = (New-Object PSCredential "user",$SecurePassword).GetNetworkCredential().Password | |
| } else { | |
| $passwordString = $Credential.GetNetworkCredential().Password | |
| } | |
| $valid = $true | |
| # checking the minimal length | |
| if($passwordString.length -lt $MinPasswordLength){ | |
| $passwordLength = "length < {0}" -f $MinPasswordLength | |
| $valid = $false | |
| } else { | |
| $passwordLength = "length - OK" | |
| } | |
| $pwComplexity = 0 | |
| # lowercase | |
| if($passwordString -cmatch "[a-z]"){ | |
| $pwComplexity++ | |
| } | |
| # uppercase | |
| if($passwordString -cmatch "[A-Z]"){ | |
| $pwComplexity++ | |
| } | |
| # digits | |
| if($passwordString -cmatch "[0-9]"){ | |
| $pwComplexity++ | |
| } | |
| # special character (not alphabetic characters or numbers) | |
| if($passwordString -cmatch "[^a-zA-Z0-9]"){ | |
| $pwComplexity++ | |
| } | |
| # if 3 of the criterias | |
| if($pwComplexity -ge 3){ | |
| $complexity = "complex" | |
| } | |
| else{ | |
| $complexity = "NOT complex" | |
| $valid = $false | |
| } | |
| [PSCustomObject]@{ | |
| IsValid = $valid | |
| Length = $passwordLength | |
| Complexity = $complexity | |
| ComplexityScore = $pwComplexity | |
| PSTypeName = 'PasswordComplexity' | |
| } | |
| } catch { | |
| Write-Error -ErrorRecord $_ | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-PasswordComplexity { | |
| <# | |
| .SYNOPSIS | |
| Testing if a given password is complex | |
| .DESCRIPTION | |
| Based on the given SecureString or Credential the function tests if the password used is complex enough. | |
| The complexity is calculated based on the number of character classes use in the password. | |
| The classes are lower case letter, upper case letters, numbers and special characters. | |
| Each class gets a complexity point and the password must include at least 3 classes. | |
| The length requirement defaults to 10, but can be overriden. | |
| Based on http://tompaps.blogspot.com/2018/01/verify-password-complexity-os.html | |
| With a few security enhancements in mind and using advanced function. | |
| .PARAMETER SecurePassword | |
| The password to be tested as a SecureString | |
| .PARAMETER Credential | |
| The credential object which password is going to be tested | |
| .PARAMETER MinPasswordLength | |
| Optional. Defaults to 10. The minimum length requirement for accepted passwords. | |
| .EXAMPLE | |
| $secureString = Read-Host -AsSecureString -Prompt "enter password" | |
| enter password: *********** | |
| > Test-PasswordComplexity -SecurePassword $secureString | |
| > Test-PasswordComplexity -SecurePassword $secureString | |
| IsValid Length Complexity ComplexityScore | |
| ------- ------ ---------- --------------- | |
| True length - OK complex 4 | |
| .EXAMPLE | |
| $secureStringWeak = Read-Host -AsSecureString -Prompt "enter password" | |
| enter password: ****** | |
| > Test-PasswordComplexity -SecurePassword $secureStringWeak | |
| IsValid Length Complexity ComplexityScore | |
| ------- ------ ---------- --------------- | |
| False length < 10 NOT complex 1 | |
| .LINK | |
| http://tompaps.blogspot.com/2018/01/verify-password-complexity-os.html | |
| #> | |
| [CmdletBinding( | |
| DefaultParameterSetName = 'SecurePassword' | |
| )] | |
| [OutputType('PasswordComplexity')] | |
| param ( | |
| [Parameter(Mandatory, ParameterSetName = 'SecurePassword')] | |
| [SecureString] | |
| $SecurePassword, | |
| [Parameter(Mandatory, ParameterSetName = 'Credential')] | |
| [PSCredential] | |
| $Credential, | |
| [Parameter()] | |
| [int] | |
| $MinPasswordLength = 10 | |
| ) | |
| try { | |
| if ($PSCmdlet.ParameterSetName -eq 'SecurePassword') { | |
| $passwordString = (New-Object PSCredential "user",$SecurePassword).GetNetworkCredential().Password | |
| } else { | |
| $passwordString = $Credential.GetNetworkCredential().Password | |
| } | |
| $valid = $true | |
| # checking the minimal length | |
| if($passwordString.length -lt $MinPasswordLength){ | |
| $passwordLength = "length < {0}" -f $MinPasswordLength | |
| $valid = $false | |
| } else { | |
| $passwordLength = "length - OK" | |
| } | |
| $pwComplexity = 0 | |
| # lowercase | |
| if($passwordString -cmatch "[a-z]"){ | |
| $pwComplexity++ | |
| } | |
| # uppercase | |
| if($passwordString -cmatch "[A-Z]"){ | |
| $pwComplexity++ | |
| } | |
| # digits | |
| if($passwordString -cmatch "[0-9]"){ | |
| $pwComplexity++ | |
| } | |
| # special character (not alphabetic characters or numbers) | |
| if($passwordString -cmatch "[^a-zA-Z0-9]"){ | |
| $pwComplexity++ | |
| } | |
| # if 3 of the criterias | |
| if($pwComplexity -ge 3){ | |
| $complexity = "complex" | |
| } | |
| else{ | |
| $complexity = "NOT complex" | |
| $valid = $false | |
| } | |
| [PSCustomObject]@{ | |
| IsValid = $valid | |
| Length = $passwordLength | |
| Complexity = $complexity | |
| ComplexityScore = $pwComplexity | |
| PSTypeName = 'PasswordComplexity' | |
| } | |
| } catch { | |
| Write-Error -ErrorRecord $_ | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment