| title | description | author | ms.author | ms.date | ms.service | ms.subservice | ms.topic | ms.custom | helpviewer_keywords | monikerRange | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Strong Passwords |
Learn about passwords in SQL Server and find out what constitutes a strong password to enhance security for your deployment. |
VanMSFT |
vanto |
03/14/2017 |
sql |
security |
conceptual |
|
|
>=aps-pdw-2016 || =azuresqldb-current || =azure-sqldw-latest || >=sql-server-2016 || >=sql-server-linux-2017 || =azuresqldb-mi-current || =fabric |
[!INCLUDE SQL Server Azure SQL Database Synapse Analytics PDW FabricSQLDB] Passwords can be the weakest link in a server security deployment. Take great care when you select a password. A strong password has the following characteristics:
-
Is at least eight characters long.
-
Combines letters, numbers, and symbol characters within the password.
-
Is not found in a dictionary.
-
Is not the name of a command.
-
Is not the name of a person.
-
Is not the name of a user.
-
Is not the name of a computer.
-
Is changed regularly.
-
Is different from previous passwords.
[!INCLUDEmsCoName] [!INCLUDEssNoVersion] passwords can contain up to 128 characters, including letters, symbols, and digits. Because logins, user names, roles, and passwords are frequently used in [!INCLUDEtsql] statements, certain symbols must be enclosed by double quotation marks (") or square brackets ([ ]). Use these delimiters in [!INCLUDEtsql] statements when the [!INCLUDEssNoVersion] login, user, role, or password has the following characteristics:
-
Contains or starts with a space character.
-
Starts with the $ or @ character.
If used in an OLE DB or ODBC connection string, a login or password containing special characters must be enclosed in braces and right braces must be escaped. For example, the password my}Pass;word must be specified in the connection string like PWD={my}}Pass;word}.