Subscribe

SQLServer-DBA.com Links

Subscribe to newsletter

Dba_db2_button

Powered by TypePad
Find Weak passwords in SQL Server

12 June,2013 by Jack Vamvas

How can I find weak passwords in SQL Server logins?

Identifying weak passwords is an  important part of Security Risk Analysis. Setting  up a procedure to check for weak passwords should be part of the DBA daily healthcheck.  It is straightforward to check for a weak password using a SELECT statement and the PWDCOMPARE function.

The PWDCOMPARE function accepts 2 arguments – the first is the text password and the varbin value of the SQL password hash

 

--find SQL login with blank passwords
select name,type_desc,create_date from sys.sql_logins where pwdcompare('', password_hash) = 1

--find SQL login with password same as name

select name,type_desc,create_date from sys.sql_logins where pwdcompare(name, password_hash) = 1

 

 

Read More

Powershell sql server security audit - SQL Server DBA

How to create a SQL Server Security Audit - SQL Server DBA

Database Server Security Audit Process - SQL Server DBA

Find who made a database security change - SQL Server DBA


Author: Jack Vamvas (http://www.sqlserver-dba.com)

******** *******

Subscribe to SQLServer-DBA.com

Latest posts delivered to you daily

Delivered by FeedBurner

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment


sqlserver-dba.com | SQL Server Performance Tuning | SQL Server DBA:Everything | FAQ | Contact|Copyright & Disclaimer