Comments on: Use PWDCOMPARE() to Find SQL Logins With Weak Passwords

By: Bala

Bala — Thu, 02 May 2019 21:59:35 +0000

Good tip. Thanks.

By: Use PWDCOMPARE() to Find SQL Logins With Weak Passwords – Thomas LaRock | South Florida SQL Server User Group

Fri, 22 Feb 2019 04:04:54 +0000

[…] Don’t just take my word for it though. Do a quick search for “common password list” and read more… […]

By: Testing SQL Logins For Weak Passwords – Curated SQL

Testing SQL Logins For Weak Passwords – Curated SQL — Thu, 07 Feb 2019 13:00:47 +0000

[…] Tom LaRock shows how you can test SQL authenticated logins for weak passwords using a built-in SQL S…: […]

By: Greg Low

Greg Low — Wed, 06 Feb 2019 21:58:01 +0000

But enabling the password policy would not actually be a good thing right? It adds auto-password expiry, password complexity rules, etc. Both of these are advised against in the latest NIST guidelines right? https://pages.nist.gov/800-63-3/sp800-63b.html#reqauthtype

By: Thomas LaRock

Thomas LaRock — Wed, 06 Feb 2019 19:03:27 +0000

In reply to K. Brian Kelley. Agreed!

By: K. Brian Kelley

K. Brian Kelley — Wed, 06 Feb 2019 18:34:42 +0000

I’m going to append to what you wrote. Yes, data security is hard. But it’s not just because people are dumb. Data security is hard because we don’t take into account the dumbness in building our solutions.

After all, the definition of insanity is doing the same thing over and over again yet expecting different results.