| title | description | author | ms.author | ms.date | ms.service | ms.subservice | ms.topic | helpviewer_keywords | |
|---|---|---|---|---|---|---|---|---|---|
SQL Server Login Password Expiration |
Check whether password expiration of each SQL Server login is enabled to help counter a possible attack in SQL Server. |
VanMSFT |
vanto |
12/15/2023 |
sql |
security |
reference |
|
[!INCLUDE SQL Server]
This rule checks whether "Password expiration" of each [!INCLUDE ssNoVersion] login is enabled. If [!INCLUDE ssNoVersion] Authentication is enabled and if the operating system version is earlier than [!INCLUDE winserver2003], an attacker could repeatedly exploit a known [!INCLUDE ssNoVersion] login password.
We recommend that you upgrade the operating system to [!INCLUDE winserver2003].
If [!INCLUDE ssNoVersion] Authentication isn't required in your environment, use Windows Authentication. For more information, see Choose an authentication mode.
Enable "Password expiration" for all the [!INCLUDE ssNoVersion] logins. Use ALTER LOGIN to configure the password policy for the [!INCLUDE ssNoVersion] login.