Generating Passphrases Instead Of Passwords

Security vs Memorability

If you are involved with identity management you’ll have encountered the password length and duration scenario, you will most probably have encountered and discussed the password vs passphrase at great length and embarked on the discussion:

Well passwords of x length have x entropy because…..

I’m not going to go into that here as it has already been discussed elsewhere in great length that I couldn’t do it justice but a few links.

XKCD - Password Strength


Use Passphrases that are both easy to remember but difficult to guess.

I have had this function in mind for well over a year and had a list of words to use but never actually got around to writing anything to accommodate creating passphrases. I had an hour spare whilst late night feeding new baba so figured I’d use it productively.

I created a function which generates passphrases from a list of words


New-PassPhrase -PassPhraseLength 35




function New-PassPhrase {
    Generate PassPhrase for account logins
    Generate a PassPhrase from a pre-defined list of words instead of using random character passwords
    .PARAMETER Length
    Length of PassPhrase to be generated
    .PARAMETER Delimiter
    The Delimiter to be used when outputting the PassPhrase. If no delimiter is specified then a hyphen is used '-'
    New-PassPhrase -Length 25

    New-PassPhrase -Length 25 -Delimiter ';'
    NCSC UK Guidance on Secure Passwords
    param (
            Position = 1)]

        [Parameter(Position = 2)]
        $Delimiter = '-'
    begin {
        $wordlist = Get-Content -Path $PSScriptRoot\configuration\wordlist.txt
    process {
        $phrasearr = @()
        while ($phrase.length -lt $PassPhraseLength) {
            $phrasearr += $wordlist | Get-Random
            $phrase = $phrasearr -join ''
    end {
        $phrasearr -join $Delimiter