How does Weak Password Detection help you

The Weak Password Detection option lets you configure how IDERA SQL Secure checks the password health of SQL logins on your audited instances. When setting up this option, take the following points into account:

  • Users should not use blank passwords, passwords with common words, or passwords that match a login name.
  • The SQL Logins of your audited SQL Server instances will be checked against a list of known words used in weak passwords. 
  • SQL Secure allows you to specify a custom list that includes words and phrases you have restricted in order to ensure passwords meet corporate security policies.
  • Password detection is enabled by default for all SQL Server instances registered with SQL Secure.
Note

SQL Secure determines the password health of SQL logins only. It does not check Windows user accounts or groups that have privileges on the audited SQL Server instance, because their passwords are managed by Windows, not by SQL Server.

Weak password detection

The password analysis is performed during snapshot collection. When a snapshot is taken, the passwords of all SQL logins on the target SQL Server instances are collected and then compared against the default weak password list as well as any custom lists you defined. Each password is also compared against the name of its login.

The result (a security check finding) is stored in the Repository database but the passwords themselves are not stored.
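The check described above can be reproduced by hand on a single instance with SQL Server's built-in PWDCOMPARE() function, which tests a clear-text candidate against a stored login hash. The script below is an added example, not SQL Secure's own code: the word list, the file path in the commented BULK INSERT and the output columns are constructed for the illustration. It assumes you run it as a login with CONTROL SERVER, since that permission is needed to read the password_hash column of sys.sql_logins. Like SQL Secure, it reports only which word matched, never the hash or the password.

```sql
-- Added example (not SQL Secure's own code): audit the SQL logins on one
-- instance for weak passwords with the built-in PWDCOMPARE() function.
-- Run as a login with CONTROL SERVER; without it the password_hash column
-- in sys.sql_logins is not readable. Only the matched word is reported,
-- never the hash or the password itself.
SET NOCOUNT ON;

-- Constructed word list for the example, one word or phrase per row, the same
-- shape as a custom list file (one entry per line). The empty string stands
-- for a blank password.
CREATE TABLE #WeakWords (Word nvarchar(128) NOT NULL);
INSERT INTO #WeakWords (Word)
VALUES (N''), (N'password'), (N'Password1'), (N'sa'), (N'admin'),
       (N'123456'), (N'welcome'), (N'double rainbow'), (N'kitteh');

-- To use a real list file instead (hypothetical path), load it the same way:
-- BULK INSERT #WeakWords FROM 'C:\lists\custom-passwords.txt'
--   WITH (ROWTERMINATOR = '\n', CODEPAGE = '65001');

-- Password hashes are case-sensitive, so try each word as written, in lower
-- case and in upper case, and also try each login's own name.
;WITH Candidates AS (
    SELECT l.principal_id, l.name AS login_name, w.Word AS candidate,
           'word list' AS source
    FROM sys.sql_logins AS l CROSS JOIN #WeakWords AS w
    UNION
    SELECT l.principal_id, l.name, LOWER(w.Word), 'word list'
    FROM sys.sql_logins AS l CROSS JOIN #WeakWords AS w
    UNION
    SELECT l.principal_id, l.name, UPPER(w.Word), 'word list'
    FROM sys.sql_logins AS l CROSS JOIN #WeakWords AS w
    UNION
    SELECT l.principal_id, l.name, l.name, 'login name'
    FROM sys.sql_logins AS l
)
-- One row per (login, matching candidate). PWDCOMPARE returns 1 on a match,
-- 0 otherwise, and NULL when the hash is NULL, so unreadable hashes drop out.
SELECT l.name AS login_name,
       CASE WHEN c.candidate = N'' THEN N'(blank)' ELSE c.candidate END AS matched_value,
       c.source,
       l.is_disabled
FROM sys.sql_logins AS l
JOIN Candidates AS c ON c.principal_id = l.principal_id
WHERE PWDCOMPARE(c.candidate, l.password_hash) = 1
ORDER BY l.name, c.source, matched_value;

DROP TABLE #WeakWords;
```

Run it once per audited instance. A few thousand words times three case variants times the number of SQL logins is a small amount of hashing, so it completes in seconds even on a busy server, and it is a useful way to confirm a Weak Passwords finding from a snapshot before you rotate the affected login's password.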

To configure your Weak Password Detection settings:


  1. In the menu options, click Tools > Configure Weak Password Detection.
  2. Select Enable weak password detection. SQL Secure uses a default list of over 2,400 words. In the Detection Settings you can:
    • Add new words to the default list by typing the additional words or phrases, separated by semicolons, in the Additional Passwords text box. To see the default list, click View Default Password List.
    • Customize the password analysis by importing a custom list. Type the name of the list file (a text file, *.txt) or click the ellipsis button to browse for a file on your computer. Format the text file so that each word or phrase is on a separate line. To view the imported list, click View Custom Password List. To specify a different text file, click Remove List, and then add the new file.
  3. Click OK.
Tip

Determine which policy assessments should analyze password health. For each assessment, review its settings to ensure the Weak Passwords security check is enabled.

Test your configuration by taking a snapshot and then reviewing the security check findings for your target servers.

About the Default Weak Passwords list

The Default Weak Passwords list was compiled by industry experts. This list includes over 2,400 common words and phrases used in passwords that are considered weak (easy to guess or hack), including blank passwords. By default, SQL Secure uses this list to analyze your enterprise's password health, comparing each SQL login password to the list, then reporting the result as a security check finding.

You can add specific words and phrases to the default list, such as popular Internet memes like "kitteh" and "double rainbow". You can also add a custom list, such as words restricted by your corporate password policy.


Tip

To stop reporting on password health, disable the Weak Passwords security check in your policy assessments.
