Storing passwords (ConvertFrom-SecureString vs. Export-CliXml)

I understand that I can use both methods to save a password to a text file:

Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File C:\cred.txt

and

Get-Credential | Export-Clixml c:\cred.xml

I also understand that both methods make the password accessible only to the account that created the output file and on the machine where it was created. That said, is one method more secure than the other? Are there other benefits or risks associated with one or the other?

1 answer

  • answered 2017-01-11 14:18 Ansgar Wiechers

    None of the two approaches is more secure than the other. Their only differences are that one prompts for credentials with a GUI dialog and stores the data as XML, whereas the other prompts on the console and stores the data in an unstructured text file.