| title | SQL Server Login Password Strength | |
|---|---|---|
| description | SQL Server Login Password Strength | |
| author | VanMSFT | |
| ms.author | vanto | |
| ms.date | 12/15/2023 | |
| ms.service | sql | |
| ms.subservice | security | |
| ms.topic | reference | |
[!INCLUDE SQL Server]
This rule checks whether "Enforce password policy" is enabled for each [!INCLUDE ssNoVersion] login. If [!INCLUDE ssNoVersion] Authentication is enabled and the operating system version is earlier than [!INCLUDE winserver2003], an attacker could repeatedly exploit a known [!INCLUDE ssNoVersion] login password.
We recommend that you upgrade the operating system to [!INCLUDE winserver2003].
If [!INCLUDE ssNoVersion] Authentication isn't required in your environment, use Windows Authentication.
Enable "Enforce password policy" for all the [!INCLUDE ssNoVersion] logins. Use ALTER LOGIN to configure the password policy for the [!INCLUDE ssNoVersion] login.
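
The following T-SQL is an added example, not part of the original article. It lists the [!INCLUDE ssNoVersion] logins that this rule would flag and then enables the policy on each with ALTER LOGIN. It assumes the caller has ALTER ANY LOGIN permission, and the `##%##` filter for internal system logins is an assumption about what you want to exclude.

```sql
-- Added example: audit and remediate logins with "Enforce password policy" off.

-- 1. Audit: SQL Server Authentication logins where CHECK_POLICY is OFF.
SELECT name,
       is_disabled,
       is_policy_checked,       -- 0 = "Enforce password policy" is off
       is_expiration_checked
FROM sys.sql_logins
WHERE is_policy_checked = 0
ORDER BY name;

-- 2. Remediate: turn CHECK_POLICY on for each flagged login.
DECLARE @name sysname,
        @stmt nvarchar(400);

DECLARE login_cur CURSOR LOCAL FAST_FORWARD FOR
    SELECT name
    FROM sys.sql_logins
    WHERE is_policy_checked = 0
      AND name NOT LIKE N'##%##';   -- assumption: leave internal ##...## logins alone

OPEN login_cur;
FETCH NEXT FROM login_cur INTO @name;

WHILE @@FETCH_STATUS = 0
BEGIN
    -- QUOTENAME brackets the login name so unusual characters cannot break the statement.
    SET @stmt = N'ALTER LOGIN ' + QUOTENAME(@name) + N' WITH CHECK_POLICY = ON;';
    PRINT @stmt;                    -- record what is being changed
    EXEC sys.sp_executesql @stmt;
    FETCH NEXT FROM login_cur INTO @name;
END

CLOSE login_cur;
DEALLOCATE login_cur;

-- 3. Verify: this should now return only the logins excluded above, if any.
SELECT name
FROM sys.sql_logins
WHERE is_policy_checked = 0;
```

Turning the policy on does not re-evaluate the password a login already has; complexity is checked the next time the password is set, so plan a password change for any login whose current password predates the policy.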