SQL Server Performance Forum – Threads Archive
Password in SQL Server 2005
Is there a way to turn off password complexity in SQL Server 2005 running on Windows Server 2003? What is the difference between password complexity and strong password? Which one is recommended?Thanks.
I suppose you mean sa password. As far I know, there is no way to turn off.
Luis Martin
Moderator
SQL-Server-Performance.com One of the symptoms of an approaching nervous breakdown is the belief that one’s work is terribly important
Bertrand Russell
All postings are provided “AS IS†with no warranties for accuracy.
Hi Luis, I mean for any login password not just sa.
Thanks.
http://www.petri.co.il/disable_password_requirement_in_win2003_domain.htm fyi. Satya SKJ
Contributing Editor & Forums Moderator
http://www.SQL-Server-Performance.Com
This posting is provided “AS IS†with no rights for the sake of knowledge sharing.
Not sure what your saying there Satya, but if we are talking about SQL Logins in 2005; A strong (hard to crack) password is a complex (complicated) password. SQL 2005 allows you to enforce the same constraints on passwords for SQL Logins as for Windows logins through the CHECK_POLICY option in CREATE LOGIN as below: CREATE LOGIN User1
WITH PASSWORD = ‘passwordhere’,
CHECK_EXPIRATION = ON, CHECK_POLICY = ON If you want to have weak passwords and no control, set CHECK_POLICY = OFF
Hi,<br />this is a reference from Windows Help <br />==============================<br />Creating strong passwords<br />===============================<br />Good computer security includes the use of strong passwords for your network logon and the Administrator account on your computer.<br /><br />For a password to be strong and hard to break, it should:<br /><br />Be at least seven characters long. <br />Contain characters from each of the following three groups: Description Examples <br />Letters (uppercase and lowercase) A, B, C,…; a, b, c,… <br />Numerals 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 <br />Symbols (all characters not defined as letters or numerals) ` ~ ! @ # $ % ^ & * ( ) _ + – = { } | [ ] : " ; ‘ < > ? , . / <br /><br />Have at least one symbol character in the second through sixth positions. <br />Be significantly different from prior passwords. <br />Not contain your name or user name. <br />Not be a common word or name. <br />Passwords can be the weakest link in a computer security scheme. Strong passwords are important because password cracking tools continue to improve and the computers used to crack passwords are more powerful. Network passwords that once took weeks to break can now be broken in hours.<br /><br />Password cracking software uses one of three approaches: intelligent guessing, dictionary attacks, and automation that tries every possible combination of characters. Given enough time, the automated method can crack any password. However, it still can take months to crack a strong password.<br /><br />Windows 2000 passwords can be up to 127 characters long. However, if you are using Windows 2000 on a network that also has computers using Windows 95 or Windows 98, consider using passwords not longer than 14 characters. Windows 95 and Windows 98 support passwords of up to 14 characters. If your password is longer, you may not be able to log on to your network from those computers.<br /><br /><br /><img src=’/community/emoticons/emotion-1.gif’ alt=’
‘ /><br />HTH<br />Regards<br /><br /><br /><br />Hemantgiri S. Goswami<br />[email protected]<br />"Humans don’t have Caliber to PASS TIME , Time it self Pass or Fail Humans" – by Hemantgiri S. Goswami<br />
]]>