password policies

Status
Not open for further replies.

mattisontara

Programmer
Jan 29, 2002
I am interested in finding out what the standards (if any) are in companies in terms of their password changing policies, as well as what type of authentication your apps connecting to SQL Server use, what kinds of authentication the services run under, etc.
My company is in the process of coming up with a standard, but I don't have anything to compare it to. Any info would be appreciated.
 
To access our SQL Server, we require a twelve (12) character password with a combination of upper/lower case letters, numbers, and special characters. The password is good for 60 days and the new password cannot match any of the last five passwords used by the user.

All users must connect their app to SQL Server using their login and password.

-SQLBill
 
Ok, but here is a scenario... You have the MSSQLServer service running under some domain account and that domain account gets changed by your network guys... do they tell you about it first? Do you even have the service running under a domain account? It has to, doesn't it?
 
When the SQL Admin account password is changed, manual intervention is required to change the service startup parameters. If the network admins change the SQL Account password without notifying the Database admins or changing the start parameters themselves, SQL Server will not start the next time a start request is made.

Our policy requires that NT domain, mainframe and some application login passwords be changed every 90 days. Minimum password length is 6 characters. These policies can be enforced by the service or application.

When using SQL Authentication, SQL Server doesn't have a mechanism to force password changes, ensure minimum password length, prohibit reuse of passwords, etc. If you use only NT authentication, policies can be easily established. Not so with SQL Authentication.

We use mostly SQL Authentication in our applications. We don't require users to login to SQL Server individually. If necessary, applications validate users and then the application uses its SQL login to access the data. Thus we have several application logins. The passwords are controlled and changed by the DBAs using our own proprietary methodology.

Terry L. Broadbent - DBA
faq183-874 contains "Suggestions for Getting Quick and Appropriate Answers" to your questions.
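
The thread notes that with SQL Authentication the length, complexity, expiry and reuse rules have to be enforced outside SQL Server. The following is an added example, not code from any poster in this thread, showing an application-side check for the policy described above (12 characters, four character classes, 60-day lifetime, no reuse of the last five passwords). All function names are hypothetical, and keeping the history as salted PBKDF2 digests is an assumption of this example.

```python
import hashlib, hmac, os, string
from datetime import datetime, timedelta

MIN_LENGTH = 12                  # twelve-character minimum
MAX_AGE = timedelta(days=60)     # password is good for 60 days
HISTORY_DEPTH = 5                # cannot match the last five passwords
PBKDF2_ROUNDS = 100_000          # assumption: work factor chosen for this example

def hash_password(password, salt=None):
    """Return (salt, digest) so the history never holds plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ROUNDS)
    return salt, digest

def complexity_failures(password):
    """List every complexity rule the candidate password breaks."""
    checks = {
        "at least 12 characters": len(password) >= MIN_LENGTH,
        "an upper-case letter": any(c.isupper() for c in password),
        "a lower-case letter": any(c.islower() for c in password),
        "a digit": any(c.isdigit() for c in password),
        "a special character": any(c in string.punctuation for c in password),
    }
    return [rule for rule, ok in checks.items() if not ok]

def reused(password, history):
    """history is a list of (salt, digest) pairs, newest last."""
    for salt, digest in history[-HISTORY_DEPTH:]:
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):   # constant-time compare
            return True
    return False

def is_expired(last_changed, now):
    """True once the password is older than the 60-day lifetime."""
    return now - last_changed > MAX_AGE

def change_password(new_password, history):
    """Return (accepted, reasons, history); history changes only on success."""
    reasons = complexity_failures(new_password)
    if reused(new_password, history):
        reasons.append("matches one of the last five passwords")
    if reasons:
        return False, reasons, history
    return True, [], (history + [hash_password(new_password)])[-HISTORY_DEPTH:]
```
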
 