
How Many Passwords?

By Steve Jones

This editorial was originally published on Mar 17, 2014. It is being re-run as Steve is on holiday.

How many user names and passwords do you have? If you're like me, you have a lot of them. Actually I don't have too many user names, sticking with "Steve Jones", "sjones" or my well-known "way0utwest" for my logins. However I do try to have as many passwords as I have logins. Using my Password Safe utility, I count 265 items in my personal safe and 176 in my business one. Some of those are old and dead, but quite a few of them I use on a regular basis.

That's similar to what Keith Combs notes in his blog post on IDs and passwords. He has 172, though I'm sure that number has crept up since he wrote the post. The piece links over to a few identity discussions from others at Microsoft that are trying to make identifying users and managing security easier. In the Microsoft world I think that works well, but the larger world outside of Microsoft software requires a bit more work for most of us.

The original piece was written a while back, and since that time, I've come to find that more and more of my logins are authorization links from one of the large companies (Microsoft, Google, Facebook, Twitter), with some sort of token that allows me to log in. I have my Live account working on a number of Microsoft-based services, but my Google account crosses their platform to Gravatar and StackExchange. My Twitter and Facebook accounts are linked to a few places, though I'm careful about which one of those I link to which application or service.

Using passwords, moving to application links from a platform, and even now adding two-factor authentication with a mobile phone makes me think that we are not necessarily finding a better way of managing authentication. Perhaps we are making things much more complex without creating any more security.

I don't know what the future will bring, but I suspect that many of our current methods of providing security will prove to be inadequate. I'm hoping that we find out on some services like Funny or Die or ESPN, and not because people find ways to jump from external applications to internal servers like Exchange or SQL Server.
