Skip to content

Latest commit

 

History

History
48 lines (40 loc) · 2.4 KB

File metadata and controls

48 lines (40 loc) · 2.4 KB
title Strong Passwords
description Learn about passwords in SQL Server and find out what constitutes a strong password to enhance security for your deployment.
author VanMSFT
ms.author vanto
ms.date 12/16/2025
ms.service sql
ms.subservice security
ms.topic concept-article
ms.custom
sfi-ropc-nochange
ignite-2025
helpviewer_keywords
logins [SQL Server], passwords
passwords [SQL Server], strong
symbols [SQL Server]
security [SQL Server], passwords
passwords [SQL Server], symbols
characters [SQL Server], password policies
strong passwords [SQL Server]
monikerRange >=aps-pdw-2016 || =azuresqldb-current || =azure-sqldw-latest || >=sql-server-2016 || >=sql-server-linux-2017 || =azuresqldb-mi-current || =fabric-sqldb

Strong passwords

[!INCLUDE SQL Server Azure SQL Database Synapse Analytics PDW FabricSQLDB]

Passwords can be the weakest link in a server security deployment. Take great care when you select a password. A strong password has the following characteristics:

  • Is at least eight characters long.
  • Combines letters, numbers, and symbol characters within the password.
  • Isn't found in a dictionary.
  • Isn't the name of a command.
  • Isn't the name of a person.
  • Isn't the name of a user.
  • Isn't the name of a computer.
  • Is changed regularly.
  • Is different from previous passwords.

[!INCLUDE ssNoVersion] passwords can contain up to 128 characters, including letters, symbols, and digits. Because logins, user names, roles, and passwords are frequently used in [!INCLUDE tsql] statements, certain symbols must be enclosed by double quotation marks (") or square brackets ([ and ]). Use these delimiters in [!INCLUDE tsql] statements when the [!INCLUDE ssNoVersion] login, user, role, or password has the following characteristics:

  • Contains or starts with a space character.
  • Starts with the $ or @ character.

If used in an OLE DB or ODBC connection string, a login or password containing special characters must be enclosed in braces, and right braces must be escaped. For example, a password my}Pass;word must be specified in the connection string like PWD={my}}Pass;word}.

Related content