Home Forums SQL Server 2012 SQL Server 2012 - T-SQL Password History Table RE: Password History Table

  • May 7, 2014 at 3:22 pm

    #1711712

    i believe you should simply do like windows AD does, and store the hash of the password, and not the password itself.

    then you compare the potential new password to the hash;

    maybe save the last ten passwords as a delimited string of hash values, which you cna split with dbo.DelimitedSplit8k, and compare all in that virtual table.

    edit: Sean already suggested the same, of saving salted hashes of the password.

    Lowell

    --help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!