MS SQL Server 2012 - DBA Articles

SQL Server - Password Policy


04. SQL Server - Password Policy
SQL Server can use Windows password policy mechanisms. The password policy applies to a login that uses SQL Server authentication, and to a contained database user with password.
SQL Server can apply the same complexity and expiration policies used in Windows to passwords used inside SQL Server.
Password Complexity
Password complexity policies are designed to deter brute force attacks by increasing the number of possible passwords. When password complexity policy is enforced, new passwords must meet the following guidelines:
    01. The password does not contain the account name of the user.
    02. The password is at least eight characters long.
    03. The password contains characters from three of the following four categories:
          01. Latin uppercase letters (A through Z)
          02. Latin lowercase letters (a through z)
          03. Base 10 digits (0 through 9)
          04. Non-alphanumeric characters such as: exclamation point (!), dollar sign ($), number sign (#), or percent (%).
Passwords can be up to 128 characters long. You should use passwords that are as long and complex as possible.
Password Expiration
Password expiration policies are used to manage the lifespan of a password. When SQL Server enforces password expiration policy, users are reminded to change old passwords, and accounts that have expired passwords are disabled.
Strong Passwords
Passwords can be the weakest link in a server security deployment. You should always take great care when you select a password. A strong password has the following characteristics:
01. Is at least 8 characters long.
02. Combines letters, numbers, and symbol characters within the password.
03. Is not found in a dictionary.
04. Is not the name of a command.
05. Is not the name of a person.
06. Is not the name of a user.
07. Is not the name of a computer.
08. Is changed regularly.
09. Is significantly different from previous passwords.
Microsoft SQL Server passwords can contain up to 128 characters, including letters, symbols, and digits.
More Reference URL:
http://msdn.microsoft.com/en-us/library/ms161959%28v=sql.110%29.aspx
http://msdn.microsoft.com/en-us/library/ms161962%28v=sql.110%29.aspx

* * * * *

Email Your Comment To AUTHOR

Quick Links
Home
About Me
System Analyze Method
Dimensional Data Model
Entity Relationship Model
Relational Database Model
Tutorials
MS SQL Server - DBA
SSIS - Video Tutorials
SSAS - Video Tutorials
SSRS - Video Tutorials
SQL Server White Papers
Programming in SQL Server
Help Us
Contact Me
R.K.Prem Nath
Madurai District
Tamil Nadu, India

[email protected]
[email protected]
Terms Of Use                                                  Protected by Copyscape Online Plagiarism Tool             Copyrights © . Data-e-Education. All Rights Reserved.