What's the most secure way to ask for / pass in credentials?

shanebagel · July 26, 2023, 12:01am

I have a script that I want to ask the user who runs it to type in credentials - I don’t want to use pscredential - because it prompts for a username - which I DON’T need:

[CmdletBinding()]
Param (   
    [Parameter(ValueFromPipeline = $True, Mandatory = $False)]
    [ValidateNotNull()]
    [SecureString]$Credential,

)

if (-not $Credential) {
    Write-Host "Please enter a password for the new user:"
    $Credential = Read-Host -AsSecureString
}

Is this bad practice? Is there a better way to ask for credentials - the only ways I know are with pscredential which relies on Get-Credential. Is this not secure?

krzydoug · July 26, 2023, 12:11am

This is incorrect. You can specify the username

Get-Credential username

Get-Credential username@domain.com

Get-Credential domain\username

Now if you don’t want the user to see and/or be able to change the username, then Read-Host -AsSecureString would be the way to go. However, I’d still use a pscredential

$securepassword = Read-Host "Please enter a password for the new user" -AsSecureString
$credential = New-Object PSCredential $username, $securepassword

shanebagel · July 26, 2023, 12:22am

Perfect thank youuuuu

Topic		Replies	Views
Need security tips asking for credentials on a script PowerShell Help	4	131	June 6, 2016
Adding credentials to a script. PowerShell Help	0	167	December 31, 2011
powershell script to login in remote machine PowerShell Help	4	160	October 31, 2017
how to use secured credentials PowerShell Help	5	207	February 26, 2020
Windows Prompt Box PowerShell Help	8	168	February 25, 2020

What's the most secure way to ask for / pass in credentials?

Related Topics