There are many posts on viewing and comparing SecureString objects. Many use .NET's Marshal method, which even its advocates admit is convoluted. A quicker method involves placing the secure string into a PSCredential object and using the GetNetworkCredential() method. Example below:
$ssn = Read-Host("Enter your social security number") -AsSecureString
$ssn
"You entered $((New-Object PSCredential('.', $ssn)).GetNetworkCredential().Password)"
The second line outputs:
System.Security.SecureString
The third line outputs:
You entered 123456789
This is a nice little hack. I can use -AsSecureString to (1) obscure the user's input on the screen and (2) keep the string encrypted in memory. And I can also decrypt the SecureString for String methods (check length, validate input, compare to another secure string).
Is this still secure? Certainly at the moment "GetNetworkCredential()" is called, there's a decrypted string in memory. Is that string/pointer removed after the method completes? Or does it sit in memory until garbage collection erases it?
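An added example, not part of the original post: the Password property returned by GetNetworkCredential() is an ordinary managed String, which is immutable, cannot be wiped by the caller, and stays on the heap until the garbage collector reclaims it. The sketch below compares two SecureStrings through unmanaged BSTR buffers that are zeroed in a finally block; the function name Compare-SecureString and the sample values are assumptions made for the illustration.

```powershell
# Hypothetical helper: compares two SecureStrings without ever creating a
# managed System.String that holds the plaintext.
function Compare-SecureString {
    param(
        [Parameter(Mandatory)][System.Security.SecureString]$Left,
        [Parameter(Mandatory)][System.Security.SecureString]$Right
    )
    $marshal = [System.Runtime.InteropServices.Marshal]
    $pLeft  = [IntPtr]::Zero
    $pRight = [IntPtr]::Zero
    try {
        # Decrypt each value into an unmanaged BSTR that this function owns.
        $pLeft  = $marshal::SecureStringToBSTR($Left)
        $pRight = $marshal::SecureStringToBSTR($Right)

        # Start with the length difference so unequal lengths never match,
        # then OR in every differing UTF-16 code unit over the shared prefix.
        $diff  = $Left.Length -bxor $Right.Length
        $count = [Math]::Min($Left.Length, $Right.Length)
        for ($i = 0; $i -lt $count; $i++) {
            $l = $marshal::ReadInt16($pLeft,  $i * 2)   # byte offset = index * 2
            $r = $marshal::ReadInt16($pRight, $i * 2)
            $diff = $diff -bor ($l -bxor $r)
        }
        return ($diff -eq 0)
    }
    finally {
        # ZeroFreeBSTR overwrites the plaintext with zeros before freeing it,
        # so the decrypted copy does not wait for garbage collection.
        if ($pLeft  -ne [IntPtr]::Zero) { $marshal::ZeroFreeBSTR($pLeft) }
        if ($pRight -ne [IntPtr]::Zero) { $marshal::ZeroFreeBSTR($pRight) }
    }
}

# Constructed sample values for the demonstration only; real input would come
# from Read-Host -AsSecureString so that no plaintext String exists at all.
$first  = ConvertTo-SecureString '123456789' -AsPlainText -Force
$second = ConvertTo-SecureString '123456789' -AsPlainText -Force
$other  = ConvertTo-SecureString '987654321' -AsPlainText -Force

Compare-SecureString -Left $first -Right $second
Compare-SecureString -Left $first -Right $other
```

The plaintext still exists in unmanaged memory for the duration of the comparison; the difference from the PSCredential route is that its lifetime is bounded by the finally block rather than by the garbage collector.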