SQL Password Mechanism

  • Hi all, this may sound a bit of a silly question, but it comes from our Audit guys.

    Is there a way to make the user passwords within Sql a bit more secure, by that I mean they have asked questions like.

    Can the password be more than 8 Chars or more etc.

    Can you enforce that it has to be Mixed Chars

    Can you enforce it so that it must be changed on a regular basis, etc etc.

    Can this be done

    Cheers

  • You can't do anything like that with SQL authentication in SQL Server 2000.  Your only options are to use Windows authentication or to upgrade to SQL Server 2005.

    John

  • Hi John, that is what I thought but I had to ask as you guys are far more experienced than I.

    Cheers

  • Agree with John. We came up with a hack to force changes in SQL2000, but we couldn't deal with complexity.

  • Thanks guys

  • SSC Rookie,

    As for enforcing password changes on a timely basis, I haven't found anything for that. But as for Mix characters and length you can always update the sp_password and sp_addlogin. We have that a work. We check password length. Require special character usage, alphanumeric. It works fine for us. I know in 2005 you can use the policy edit. But I think that may become an issue to other accounts on the box not being used for SQL.

Viewing 6 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply