Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 

Changing of the Guard

By Steve Jones,

This summer I had the chance to visit the Tomb of the Unknown Soldier in Arlington National  Cemetery with my son. It was my second time there, his first, and we had the chance to watch the changing of the guard twice. In the summer they change every 30 minutes, a little less frequently at night and in the winter, but it's an amazing thing to watch (you can see it here). I've also had the chance to see the changing of the guard at Buckingham Palace.

These are symbolic events, and while I'd urge you to go see them if you can, they aren't really in place to provide security. In our lives and work, we have real security measures that are designed to protect things that we are really concerned about. In the technology business, one thing we do is change passwords.

For this Friday's poll, I wanted to ask a bit about your own changing of the guard. I am curious to know how you handle the internal procedures at your company.

How often do you change your administrator passwords?

These can be the domain/Windows administrator password, the SA password in SQL Server, or your personal account if it has administrator privileges. Perhaps you have separate schedules for all of them. If so, let us know, and If you have reasons, post them.

In the past, I've had password changes enforced at various intervals for different employers: 30 days, 60 days, 90 days, 120 days, 180 days, and infinity (never changing passwords). Those are typical intervals that I've seen, though these days I think everyone has something lower than infinity. Or I hope they do.

I hated 30 days since it required me to think of new passwords too often. I, and many other people I worked with, ended up using the same password with a 1, 2, 3, etc. added at the end. We rotated a new number every month, and since our system remembered 10 passwords, we could end up using the same password every 11 months.

To me 60 days was a much better time frame. Short enough to provide good security (I think), but long enough that it wasn't a huge hassle to remember. It also wasn't an interval that resulted in a large number of sticky notes on a monitor. These days I change my employer passwords every 90 days, and also change the password on my Password Safe every few months. I also rotate some shared credentials, like my Live ID, at least once a year. However I often leave other passwords alone for long periods of time. Not sure that's a good move.

So this Friday, let us know how often you change your passwords, and what makes a good interval in your mind.

Steve Jones

 


The Voice of the DBA Podcasts

Everyday Jones

The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there.

You can also follow Steve Jones on Twitter:

Overall RSS Feed: or now on iTunes!

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.

I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.

Total article views: 87 | Views in the last 30 days: 1
 
Related Articles
FORUM

Password change

Password change

FORUM

change password

change password

BLOG

Podcast Upgrades

A minor change for the podcasts next week. I got my wireless microphone, and I'm working with it a b...

ARTICLE

Podcast Announcements

Podcast Feeds

FORUM

Password Change

Steps required to do Password change activity for a SQL 2005 Clusterd environment

Tags
editorial    
passwords    
security    
 
Contribute

Join the most active online SQL Server Community

SQL knowledge, delivered daily, free:

Email address:  

You make SSC a better place

As a member of SQLServerCentral, you get free access to loads of fresh content: thousands of articles and SQL scripts, a library of free eBooks, a weekly database news roundup, a great Q & A platform… And it’s our huge, buzzing community of SQL Server Professionals that makes it such a success.

Join us!

Steve Jones
Editor, SQLServerCentral.com

Already a member? Jump in:

Email address:   Password:   Remember me: Forgotten your password?
Steve Jones