Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Get-Credential password confirmation

See original GitHub issue

Summary of the new feature/enhancement

Passwords are hard. When we prompt for passwords, especially for complex passwords, it’s important to ensure that we know what we are entering. When using Get-Credential interactively from the command line, you currently only get one opportunity to type in your password. It’s easy to fat finger a complex password. If you fat finger a complex password, then use it somewhere, you can make that resource inaccessible. We should enable a confirmation of the password when using this cmdlet interactively.

Proposed technical implementation details

Consider adding a -ConfirmPassword parameter that confirms two password strings entered at the command line are correct. If correct, proceed with saving the credential. If incorrect, re-prompt the user for matching strings. Something like this:

Successful entry

PS C:\> Get-Credential -credential user1 -ConfirmPassword

PowerShell credential request
Enter your credentials.
Password for user user1: ************
Confirm password for user user1: ************

UserName                     Password
--------                     --------
user1    System.Security.SecureString

Unsuccessful entry

PS C:\> Get-Credential -credential user1 -ConfirmPassword

PowerShell credential request
Enter your credentials.
Password for user user1: *****
Confirm password for user user1: ************

Passwords do not match.
Enter your credentials.
Password for user user1: ************
Confirm password for user user1: ************

UserName                     Password
--------                     --------
user1    System.Security.SecureString

Issue Analytics

  • State:open
  • Created 4 years ago
  • Reactions:8
  • Comments:25 (3 by maintainers)

github_iconTop GitHub Comments

2reactions
iSazonovcommented, Sep 26, 2019

Search public override PSCredential PromptForCredential in https://github.com/PowerShell/PowerShell/blob/1be3f4cc0e465ae11ad8e59e9060f5a59e4762eb/src/Microsoft.PowerShell.Security/security/CredentialCommands.cs

Yes, you should update tests in https://github.com/PowerShell/PowerShell/blob/acb52b3d9c92e347ea529242e8ab25a09ea31222/test/powershell/Modules/Microsoft.PowerShell.Security/GetCredential.Tests.ps1

<div> GitHub</div><div>PowerShell/PowerShell</div><div>PowerShell for every system! Contribute to PowerShell/PowerShell development by creating an account on GitHub.</div>
<div> GitHub</div><div>PowerShell/PowerShell</div><div>PowerShell for every system! Contribute to PowerShell/PowerShell development by creating an account on GitHub.</div>
2reactions
jboeshartcommented, Sep 26, 2019

It’s not a verification of the credential itself. It’s a confirmation that the password you entered twice matches. This would be similar to many web site credential creation procedures that are commonly seen, as well as the passwd command on Linux.

[root@vm1~]# passwd user1
Changing password for user user1.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
Read more comments on GitHub >

github_iconTop Results From Across the Web

Get-Credential (Microsoft.PowerShell.Security)
The Get-Credential cmdlet prompts the user for a password or a user name and ... parameter to confirm that you understand the risks...
Read more >
Get-Credential - PowerShell Command - PDQ
The Get-Credential cmdlet prompts the user for a password or a user name and password. By default, an authentication dialog box appears to...
Read more >
Pass password into -credential - powershell
The Get-Credential cmdlet prompts the user for a password or a user name ... to confirm that you understand the risks of using...
Read more >
Validate Get-Credential Input - PowerShell
It lists all the accounts currently locked out and prompts for the account to modify. It then asks to reset the password or...
Read more >
Check if user password input is valid in Powershell script
I have this in my library: $cred = Get-Credential #Read credentials $username = $cred.username $password = $cred.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

linux GNU screen Clear-Host

Next page

Microsoft.Management.Infrastructure.dll is delay-signed or test-signed