Well... that was a scary read, but thank you. Why would MS even make it possible to query the password hashes!? It should be an internal process completely hidden away. I see no benefit in sys.sql_logins retuning a password_hash column.