Checking for Bad (Insecure) Passwords (Part 2)

by May 23, 2019

In the previous tip we explained how you can use web services to safely test passwords and find out whether they have been compromised before.

Infosec code sometimes looks pretty “funny” in an effort to be short, so in part 1 we shared nice and readable code with you. Here is the “infosec” variant which shows how much PowerShell code can be compressed and auto-obfuscated. It returns how often a particular password was seen in breaches (and returns null if it hasn’t been seen before).

$p = 'P@ssw0rd'
[Net.ServicePointManager]::SecurityProtocol = 'Tls12'
$a,$b = (Get-FileHash -A 'SHA1' -I ([IO.MemoryStream]::new([Text.Encoding]::UTF8.GetBytes($p)))).Hash -split '(?<=^.{5})'
(((irm "$a" -UseB) -split '\r\n' -like "$b*") -split ':')[-1 – PowerShell Conference EU 2019 – June 4-7, Hannover Germany – visit There aren’t too many trainings around for experienced PowerShell scripters where you really still learn something new. But there’s one place you don’t want to miss: PowerShell Conference EU – with 40 renown international speakers including PowerShell team members and MVPs, plus 350 professional and creative PowerShell scripters. Registration is open at, and the full 3-track 4-days agenda becomes available soon. Once a year it’s just a smart move to come together, update know-how, learn about security and mitigations, and bring home fresh ideas and authoritative guidance. We’d sure love to see and hear from you!

Twitter This Tip! ReTweet this Tip!