Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
SQL Server Login Password Expiration
Collapse the table of content
Expand the table of content

SQL Server Login Password Expiration

This rule checks whether "Password expiration" of each SQL Server login is enabled. If SQL Server Authentication is enabled and if the operating system version is earlier than Windows Server 2003, an attacker could repeatedly exploit a known SQL Server login password.

We recommend that you upgrade the operating system to Windows Server 2003.

If SQL Server Authentication is not required in your environment, use Windows Authentication. For more information, see Authentication Mode.

Enable "Password expiration" for all the SQL Server logins. Use ALTER LOGIN to configure the password policy for the SQL Server login.

Community Additions

ADD
Show:
© 2015 Microsoft