| title | SQL Server Login Password Expiration | |
|---|---|---|
| description | Check whether password expiration of each SQL Server login is enabled to help counter a possible attack in SQL Server. | |
| author | VanMSFT | |
| ms.author | vanto | |
| ms.date | 12/15/2023 | |
| ms.service | sql | |
| ms.subservice | security | |
| ms.topic | reference | |
[!INCLUDE SQL Server]
This rule checks whether "Password expiration" of each [!INCLUDE ssNoVersion] login is enabled. If [!INCLUDE ssNoVersion] Authentication is enabled and if the operating system version is earlier than [!INCLUDE winserver2003], an attacker could repeatedly exploit a known [!INCLUDE ssNoVersion] login password.
We recommend that you upgrade the operating system to [!INCLUDE winserver2003].
If [!INCLUDE ssNoVersion] Authentication isn't required in your environment, use Windows Authentication. For more information, see Choose an authentication mode.
Enable "Password expiration" for all the [!INCLUDE ssNoVersion] logins. Use ALTER LOGIN to configure the password policy for the [!INCLUDE ssNoVersion] login.
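The following Transact-SQL is an added example, not part of the original rule text. It shows one way to find the logins this rule flags and to enable expiration with ALTER LOGIN. The login name `app_reporting` is hypothetical, and skipping the `##...##` internal logins is an assumption about what you want to audit.

```sql
-- Audit: SQL Server Authentication logins that do not enforce password expiration.
-- sys.sql_logins lists only SQL Server Authentication logins, not Windows logins.
SELECT  name,
        is_disabled,
        is_policy_checked,
        is_expiration_checked,
        LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set
FROM    sys.sql_logins
WHERE   is_expiration_checked = 0
  AND   name NOT LIKE '##%##'        -- assumption: skip internal system logins
ORDER BY name;

-- Remediation: generate one ALTER LOGIN statement per finding for review.
-- CHECK_EXPIRATION = ON is only valid when CHECK_POLICY is also ON,
-- so both options are set in the same statement.
SELECT  N'ALTER LOGIN ' + QUOTENAME(name)
      + N' WITH CHECK_POLICY = ON, CHECK_EXPIRATION = ON;' AS remediation_statement
FROM    sys.sql_logins
WHERE   is_expiration_checked = 0
  AND   name NOT LIKE '##%##';

-- Apply the change to a single login (app_reporting is a hypothetical name).
ALTER LOGIN [app_reporting] WITH CHECK_POLICY = ON, CHECK_EXPIRATION = ON;

-- Verify the result and see how long the current password remains valid.
SELECT  name,
        is_policy_checked,
        is_expiration_checked,
        LOGINPROPERTY(name, 'DaysUntilExpiration') AS days_until_expiration
FROM    sys.sql_logins
WHERE   name = N'app_reporting';
```

Expiration is evaluated against the Windows password policy of the host, so review `password_last_set` for application and service logins before you enable it.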