Passwords

Did you know: SSPR/Password Reset Edition

August 18, 2025 by ClaytonT Leave a Comment

Did you know if you convert to the combined experience for SSPR and password reset, you can remove less secure phone, email, and text authentication? This is as long as you have Authenticator registered and higher methods allowed. See below for SSPR.

This works for SSPR and for password reset through My Sign-Ins.

The gotcha is if you have 2 methods required for SSPR, it will say your not registered for SSPR even if your enabled for it, but only have 1 method (Microsoft Authenticator) registered. As you can see below.

I would definitely recommend adding more secure options as well but at the minimum I’d use Authenticator or higher.

How do you keep your user protected in this situation?

Hope this quick tip was useful and have a great day!

GitHub Copilot Password Warning

October 4, 2024 by ClaytonT Leave a Comment

Did you know that GitHub Copilot is now sensing hard coded credentials and giving you a warning? It’s not perfect, but even if something looks like hard coded creds it will flag it, as on another script I had, it contained numbers that looked like they could be private, and it gave me a warning about it. Honestly, I rather find more potentials credentials then not. That’s it for today, hope you have a great day!

One-Liner Wednesday November 2, 2022

November 2, 2022 by admin Leave a Comment

Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} | sort-object ExpiryDate

Here is a one liner that find very useful and hope you do to.

You can customize it even more, but for now this one grabs all the AD User accounts that are expiring and the ones expiring first at the top. I love using this to stay in front of users passwords expiring then they can’t connect or if they are off network and is a rush to get it done.

You could even sent this up as a scheduled task and have it pull the next 2 weeks of users. Then either you reach out to them, it emails them, or it notifies your help desk to reach out to them to help change their password.

Or you could have it in your dashboard so you’d always see the next 2 weeks of users passwords expiring.

Module Monday October 10, 2022

October 10, 2022 by ClaytonT Leave a Comment

It’s time for Module Monday….

Share Code not Secrets, I think says it best. I guess you probably want the name of the module now…It’s called PSSecretScanner which will search files/folders that you point it too and check if there are any passwords visible! Maybe you have some old code that you haven’t used in awhile, you might want to run this on it just to make sure younger you who may have been more naïve didn’t leave any plain text passwords! We’ve all been there!

PowerShell Gallery:
PSSecretScanner/1.0.9