Passwords – A T-SQL Tuesday Topic

Late

Being engrossed with the daily tasks at hand, I completely missed this month’s T-SQL Tuesday, which is being brought to you by Sebastian Meine (Blog | Twitter).

Although the time frame has passed, I would be remiss if I didn’t continue on my journey of joining in these block parties; with that said, I’m going to write what I “would” have contributed. This month’s topic is intriguing in that it can cover a wide array of discussion – Passwords.

When I think of passwords I think of etiquette. I cannot tell you how many times I have been on calls, meetings, emails, and the list could go on of scenarios that relate to passwords where users just don’t think or take into consideration the impact of their actions. To me the last four words are the key, “impact of their (our) actions”.

Password Etiquette

  • Conference Calls – how many times have you been on a production call with numerous individuals and heard someone say, “Okay here is the user name and password”? If you have then you are not the only one. Credentials should be kept out of the hands of unnecessary individuals.
  • Open Text Passwords in tables – check into encrypting those; protect yourself before you realize breaches have occurred and you are left holding the bag.
  • Email – transmitting password information via email; not a big fan of. This kind of relates back to the conference call section; who all is on the email? Are you sending it to Project Managers and the like? Probably not the best choice to make.
  • Backups sent offsite – do you have any backups going off site? Are any pertinent credentials contained in the DB, and if so are your backups being encrypted before shipping them off?
  • Length – Look at the length of the passwords you are creating; how strong is the password you are making?
  • Sharing – don’t do it; simple enough.
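
An added example, not from the original post: two T-SQL audit queries for the open-text password and offsite backup items in the list above. It assumes SQL Server 2014 or later (for the backup encryption columns in msdb), and the column-name patterns are illustrative guesses to adjust for your own schema.

```sql
-- Added example: audit checks for two items in the etiquette list.
-- Assumption: SQL Server 2014+; run query 1 in each user database.

-- 1. Character columns whose names suggest they hold credentials.
--    A hit is a candidate for review, not proof of clear-text storage.
SELECT  s.name  AS schema_name,
        t.name  AS table_name,
        c.name  AS column_name,
        ty.name AS data_type,
        c.max_length                      -- length in bytes
FROM    sys.columns AS c
JOIN    sys.tables  AS t  ON t.object_id = c.object_id
JOIN    sys.schemas AS s  ON s.schema_id = t.schema_id
JOIN    sys.types   AS ty ON ty.user_type_id = c.user_type_id
WHERE   ty.name IN (N'char', N'varchar', N'nchar', N'nvarchar')
  AND  (c.name LIKE N'%pass%'             -- assumed naming patterns
     OR c.name LIKE N'%pwd%'
     OR c.name LIKE N'%secret%')
ORDER BY s.name, t.name, c.name;

-- 2. Backups finished in the last 30 days that were written without
--    native backup encryption (no certificate or asymmetric key used).
SELECT  bs.database_name,
        bs.backup_finish_date,
        bs.type AS backup_type,           -- D = full, I = differential, L = log
        bmf.physical_device_name
FROM    msdb.dbo.backupset AS bs
JOIN    msdb.dbo.backupmediafamily AS bmf
        ON bmf.media_set_id = bs.media_set_id
WHERE   bs.backup_finish_date >= DATEADD(DAY, -30, SYSDATETIME())
  AND   bs.encryptor_type IS NULL
ORDER BY bs.backup_finish_date DESC;
```

Rows from the second query are the ones to check against whatever leaves the building; rows from the first are where to start asking how the values are stored.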

All of the above reflects what I deem good etiquette, and it barely scratches the surface. You have to take into consideration many other factors, one of them being a policy. Small, big, medium – whatever kind of shop you are in, define what the best practice is for your shop and then adhere to it. A good reference can be found on Technet Best Practices.

Lastly, if you feel as though a password has been compromised be proactive and take the necessary steps to change it. Don’t wait for something to happen; you be the game changer.

Get your defense model in place and let the good times roll.


The SQL Professor

Chris Yates is a Database Administration Manager with over thirteen years of experience in the SQL industry. His experience includes design and implementation of both OLTP and OLAP solutions as well as assessment and implementation of SQL Server environments for best practices, performance, and high availability solutions accompanied by a strong development background. He enjoys helping others in the SQL Server community and does this by contributing on several SQL forums, creating “The SQL Professor”, and speaking at several SQL functions. His passion and focus is not only with technology but also helping others along their way and career path.
