When generating a random password, the result must still be a valid string
https://blogs.msdn.microsoft.com/oldnewthing/20180713-00/?p=99235 [blogs.msdn.microsoft.com]
2018-07-13 17:10
A customer had a problem with auto-generated random passwords. Their password generator generated a string by choosing each character randomly with a code unit from U+0001 to U+FFFF. (They avoided U+0000 because that is the string terminator.) They didn’t mind that the resulting passwords were untypeable, because the passwords were going to be entered programmatically.
And then, oops.