The Default Weak Passwords list was compiled by industry experts. This list includes over 2,400 common words and phrases used in passwords that are considered weak (easy to guess or hack), including blank passwords. By default, SQL Secure uses this list to analyze your enterprise's password health, comparing each SQL login password to the list, then reporting the result as a security check finding.

Note

The weak password check is currently case sensitive. For example, "password" triggers a weak password alert but "Password" does not. SQL Server login passwords are themselves case sensitive, so if your users are likely to type capitalized or upper-case variants of a banned word (such as "Password" or "PASSWORD"), add those variants to the custom list as separate entries.

You can add specific words and phrases to the default list, such as popular Internet memes like "kitteh" and "double rainbow." You can also add a custom list, such as words restricted by your corporate password policy or words that are common in your own environment.

Tip

To create stronger passwords and help ensure password security in your environment, enable the 'Enforce password policy' test. The security check name for this test is 'SQL Logins Not Using Password Policy'. It is enabled by default in the 'All Servers' audit policy, and you can enable it manually in other custom policies.

Security Checks that enforce password health

...

As SQL Secure analyzes the password health of your SQL logins, it records one of the following results. These findings are displayed in the corresponding Login Properties window and the Login Vulnerability report.

Password health result | What it means
Blank | The password for this login is either blank or null, which means no password is required for authentication or a successful connection to databases hosted by your audited SQL Server instances.
Matches login name | The password for this login matches the name of the login.
N/A | The password for this login was not checked, most likely because either the login is a Windows user account or weak password detection is disabled.
OK | This login most likely has a strong password, because the password does not match any of the words and phrases in the Default Weak Passwords list or the additional and custom passwords you specified.
Weak | The password for this login matches one or more of the words and phrases in the Default Weak Passwords list or the additional and custom passwords you specified.
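
The following T-SQL is an added example, not SQL Secure's own code or the vendor's method. It reproduces the Blank / Matches login name / Weak / OK classification from the table above for every SQL login on one instance, and it also shows why the check in the note above is case sensitive: PWDCOMPARE() hashes the candidate string exactly as SQL Server does, so "password" and "Password" are different candidates. The weak-word list, the capitalization-variant expansion and the Latin1_General_CS_AS collation name are assumptions made for the example; substitute your own list and a case-sensitive collation that exists on your server. Run it as a login that holds CONTROL SERVER, because sys.sql_logins.password_hash is returned as NULL to other callers and the query would then report N/A for every login.

```sql
-- Added example (not from the SQL Secure documentation or product).
-- Classifies every SQL login's password health using PWDCOMPARE().
-- Windows logins are not in sys.sql_logins, so they are implicitly N/A.

-- Constructed stand-in for the Default Weak Passwords list plus custom entries.
DECLARE @weak TABLE (word nvarchar(128) NOT NULL);
INSERT INTO @weak (word) VALUES
    (N'password'), (N'123456'), (N'qwerty'),
    (N'kitteh'), (N'double rainbow');

-- PWDCOMPARE() is case sensitive, so expand each word into the
-- capitalization variants users actually type (Password, PASSWORD).
-- The explicit case-sensitive collation stops the dedupe from treating
-- 'password' and 'Password' as the same word (assumed collation name).
INSERT INTO @weak (word)
SELECT v.word
FROM @weak AS w
CROSS APPLY (VALUES
    (UPPER(w.word)),
    (UPPER(LEFT(w.word, 1)) + SUBSTRING(w.word, 2, LEN(w.word)))) AS v(word)
WHERE NOT EXISTS (SELECT 1 FROM @weak AS x
                  WHERE x.word = v.word COLLATE Latin1_General_CS_AS);

-- One row per SQL login with the same result labels the product reports.
SELECT l.name,
       CASE
           WHEN l.password_hash IS NULL THEN N'N/A'            -- hash not visible to caller
           WHEN PWDCOMPARE(N'', l.password_hash) = 1 THEN N'Blank'
           WHEN PWDCOMPARE(l.name, l.password_hash) = 1 THEN N'Matches login name'
           WHEN EXISTS (SELECT 1 FROM @weak AS w
                        WHERE PWDCOMPARE(w.word, l.password_hash) = 1) THEN N'Weak'
           ELSE N'OK'
       END AS password_health
FROM sys.sql_logins AS l
ORDER BY l.name;
```

Each PWDCOMPARE() call is a full password hash computation, so the cost grows with logins × candidate words; on an instance with many logins, run this during a maintenance window rather than from a monitoring job, and treat the result set as sensitive, since a 'Weak' row tells an attacker which list entry to try.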

About password detection

When weak password detection is disabled, SQL Secure stops collecting password health data. All previously collected data remains stored in the SQL Secure Repository database and can be evaluated using your policy assessments. For future assessments, SQL Secure no longer reports whether any SQL login passwords are considered weak, but it continues to report whether a password is blank.

...