How do I check if a password in a System.Security.SecureString is empty?

Question

I'm prompting in a script for the user to enter a password for a new account. I know that using the -AsSecureString parameter causes it to return a System.Security.SecureString object.

$AccountPassword = Read-Host -AsSecureString -Prompt "Password"

I just want to check that the password they've entered isn't blank. If I just hit enter at the Password prompt, the tests that I've tried on the $AccountPassword variable are not detecting that it's empty:

if (!$AccountPassword) {
  throw "Password must not be empty"
}

if ($AccountPassword = "") {
    throw "Password must not be empty"
}

Is there a way to check the System.Security.SecureString variable directly, or do I need to convert it to plain text in order to test it?

score 1 · Accepted Answer · answered Jul 28 '23 at 08:52

1

You can use Length property of System.Security.SecureString class which will return the number of characters in the current secure string

answered Jul 28 '23 at 08:52

Abdul Niyas P M

18,035
2
25
46

score 1 · Answer 2 · answered Jul 28 '23 at 08:52

1

Just like a regular [string], [securestring] instances have a Length property reflecting the length of the wrapped string value:

if ($AccountPassword.Length -eq 0) {
  throw "Password must not be empty"
}

answered Jul 28 '23 at 08:52

Mathias R. Jessen

157,619
12
148
206

How do I check if a password in a System.Security.SecureString is empty?

2 Answers2