07 December,2021 by Tom Collins
Question: How can I check the SQL Server authentication password configurations?
Answer: When you create a new SQL login - (SQL Server authentication) , there are some options , just below the Password box - which allows some flexibility in the way the passwords are applied.
The way in which they are applied is very much dependant on the organization SQL Server security policies. Different companies have different approaches to applying and validating the security policy
As part of "Enforcing password policy " is the password complexity rules. Typically , there is a Windows password policy mechanism - which if enabled will enforce some password complexity rules for SQL Server Authentication logins
The idea of applying password complexity to force avoiding weak passwords
This is an example of policy details
Password must meet complexity requirements
This security setting determines whether passwords must meet complexity requirements.
If this policy is enabled, passwords must meet the following minimum requirements:
Not contain the user's account name or parts of the user's full name that exceed two consecutive characters
Be at least six characters in length
Contain characters from three of the following four categories:
English uppercase characters (A through Z)
English lowercase characters (a through z)
Base 10 digits (0 through 9)
Non-alphabetic characters (for example, !, $, #, %)
Complexity requirements are enforced when passwords are changed or created.
Read more about SQL Server security and password management
How to check SQL Server password policy
How to check Enforce password expiration is set for SQL Login
How to crack the SQL Login password from sys.syslogins
Encrypting sa passwords during SQL Server Installation
This is only a preview. Your comment has not yet been posted.
As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.
Having trouble reading this image? View an alternate.
Posted by: |