@neil-sabol
Last active January 31, 2021 13:17
See https://blog.neilsabol.site/post/yubikey-personalization-tool-yubico-powershell-command-cli-program-random-static-password-commandline/ . This snippet uses the ykman command to generate a new static password on the Yubikey, then reset the password of the user running the PowerShell session to the new static password (requires pressing the bu…
# Create an alias for ykman pointing to the install location
set-alias ykman "$env:programfiles\Yubico\YubiKey Manager\ykman.exe"
# Provide an opportunity to insert the yubikey before continuing
Read-Host -Prompt "Ensure Yubikey is inserted then press Enter to continue"
# Add a new line for formatting/tidiness
write-host " "
# Run ykman to generate the static password on the Yubikey (in slot 2)
ykman otp static 2 --generate --length 16 --force --keyboard-layout US
# Wait a second, then add a new line for formatting/tidiness
sleep 1
write-host " "
# Have the user enter their own password to prepend the Yubikey random,
# static password (improves security) See:
# https://support.yubico.com/support/solutions/articles/15000006480-understanding-core-static-password-features
write-host "Resetting password for $env:username - enter a personal password and without pressing enter,
long-press the button on your Yubikey to append the generated static password when prompted (twice) ..."
# Determine if the account is a local account or domain account and run the
# respective "net user" command to reset the password. In most cases, the
# account is local if %userdomain% and %computername% match
if($env:userdomain -like "*$env:computername") {
net user "$env:username" *
} else {
net user "$env:username" * /domain
}
# Zero out variables
$NewPassword = ""
# Add new lines and output for formatting/tidiness
write-host " "
write-host "DONE"
write-host " "
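
A fail-closed variant of the same flow, added here as an example and not part of the original gist: it stops before the password reset if ykman.exe is missing or exits with a non-zero code, so the account is never reset against a slot that was not reprogrammed. The function names Invoke-StaticPasswordProgramming and Reset-PasswordFromYubiKey are hypothetical; the ykman and net user arguments are the ones used above.

```powershell
# Added example, not the gist author's code. Function names are hypothetical.
Set-StrictMode -Version Latest

function Invoke-StaticPasswordProgramming {
    param(
        [string]$YkmanPath = "$env:ProgramFiles\Yubico\YubiKey Manager\ykman.exe",
        [int]$Slot = 2,
        [int]$Length = 16
    )
    # Fail before touching anything if the tool is not where the gist expects it
    if (-not (Test-Path -LiteralPath $YkmanPath -PathType Leaf)) {
        throw "ykman.exe not found at '$YkmanPath'"
    }
    # Same arguments as the gist; --force overwrites the slot without a prompt
    & $YkmanPath otp static $Slot --generate --length $Length --force --keyboard-layout US
    if ($LASTEXITCODE -ne 0) {
        throw "ykman exited with code $LASTEXITCODE; slot $Slot may not hold a new password"
    }
}

function Reset-PasswordFromYubiKey {
    Read-Host -Prompt "Ensure Yubikey is inserted then press Enter to continue" | Out-Null
    Invoke-StaticPasswordProgramming

    # Same local-versus-domain test as the gist
    $netArgs = @('user', $env:USERNAME, '*')
    if ($env:USERDOMAIN -notlike "*$env:COMPUTERNAME") {
        $netArgs += '/domain'
    }
    Write-Host "Type a personal password, then long-press the Yubikey button at each of the two prompts."
    # The password is typed straight into net.exe; it never enters a PowerShell variable
    & net.exe @netArgs
    if ($LASTEXITCODE -ne 0) {
        # The slot was already overwritten at this point, so say so explicitly
        throw "net user exited with code $LASTEXITCODE; the reset did not complete, but slot 2 already holds the new static password"
    }
    Write-Host "DONE"
}

Reset-PasswordFromYubiKey
```

If the second step fails, the YubiKey slot has already been overwritten, so the previous static password can no longer be typed from the key.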