
Find Weak passwords in SQL Server

12 June 2013 by Tom Collins

How can I find weak passwords in SQL Server logins?

Identifying weak passwords is an important part of Security Risk Analysis. Setting up a procedure to check for weak passwords should be part of the DBA daily health check. It is straightforward to check for a weak password using a SELECT statement and the PWDCOMPARE function.

The PWDCOMPARE function accepts 2 arguments: the first is the text password and the second is the varbinary value of the SQL password hash.


--find SQL logins with blank passwords
select name, type_desc, create_date from sys.sql_logins where pwdcompare('', password_hash) = 1

--find SQL logins with a password the same as the login name
select name, type_desc, create_date from sys.sql_logins where pwdcompare(name, password_hash) = 1




Author: Tom Collins (

