http://www.sqlservercentral.com/blogs/steve_jones/2011/10/03/sql-authentication-_1320_-forcing-password-changes/


SQL Authentication – Forcing Password Changes

By Steve Jones, 2011/10/03

When you create a SQL Server login (with SQL authentication), you have the option of enforcing password policies from Windows (in SQL Server 2005 and above).


The recommendation is that you check all three and force strong passwords. You also force a password change so the person has a private password not known by the administrator.

If you go back into this account later and look at the boxes, only two are available to be checked. The “User must change password at next login” box is grayed out.


In order to access this box and force a password change, you need to change the password. The reason is that if the account is compromised, the hacker should not be the one to set a new password. The security model assumes the administrator can contact the legitimate owner offline and give them the new password.

Start typing in the password box, and you can check the box.

Of course, you need to set a password that conforms to the policies, and it needs to match the confirm edit box.
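The same behavior shows up in T-SQL, where `MUST_CHANGE` is an option of the `PASSWORD` clause rather than a setting of its own. The script below is an added example, not part of the original post; the login name and the passwords are placeholders to replace with your own values.

```sql
-- Added example: [app_user_example] and both passwords are placeholders.

-- 1. Create the login with all three options from the dialog enabled.
--    MUST_CHANGE is only accepted when CHECK_POLICY and CHECK_EXPIRATION
--    are both ON.
CREATE LOGIN [app_user_example]
    WITH PASSWORD = N'<initial-strong-password>' MUST_CHANGE,
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON;

-- 2. Audit SQL-authenticated logins: which ones enforce the Windows
--    policy, which ones expire, and which are still flagged to change
--    their password at next login.
SELECT name,
       is_policy_checked,
       is_expiration_checked,
       LOGINPROPERTY(name, 'IsMustChange')        AS must_change,
       LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set
FROM sys.sql_logins
WHERE is_disabled = 0
ORDER BY name;

-- 3. Force a change on an existing login. ALTER LOGIN has no form that
--    sets MUST_CHANGE without PASSWORD, so the administrator has to
--    supply a new temporary password, just as the dialog requires.
ALTER LOGIN [app_user_example]
    WITH PASSWORD = N'<new-temporary-password>' MUST_CHANGE;
```

Rows from the audit query with `is_policy_checked = 0` or `is_expiration_checked = 0` are logins that were created without the recommended boxes checked.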

