You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/relational-databases/security/password-policy.md
+9-6Lines changed: 9 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -47,7 +47,7 @@ ms.author: vanto
47
47
48
48
Password complexity policies are designed to deter brute force attacks by increasing the number of possible passwords. When password complexity policy is enforced, new passwords must meet the following guidelines:
49
49
50
-
- The password does not contain the account name of the user.
50
+
- The password doesn't contain the account name of the user.
51
51
52
52
- The password is at least eight characters long.
53
53
@@ -73,7 +73,7 @@ ms.author: vanto
73
73
74
74
- When CHECK_POLICY is changed to ON, the following behaviors occur:
75
75
76
-
- CHECK_EXPIRATION is also set to ON unless it is explicitly set to OFF.
76
+
- CHECK_EXPIRATION is also set to ON unless it's explicitly set to OFF.
77
77
78
78
- The password history is initialized with the value of the current password hash.
79
79
@@ -87,11 +87,11 @@ ms.author: vanto
87
87
88
88
- The value of `lockout_time` is reset.
89
89
90
-
Some combinations of policy options are not supported.
90
+
Some combinations of policy options aren't supported.
91
91
92
92
- If MUST_CHANGE is specified, CHECK_EXPIRATION and CHECK_POLICY must be set to ON. Otherwise, the statement fails.
93
93
94
-
- If CHECK_POLICY is set to OFF, CHECK_EXPIRATION cannot be set to ON. An ALTER LOGIN statement that has this combination of options will fail.
94
+
- If CHECK_POLICY is set to OFF, CHECK_EXPIRATION can't be set to ON. An ALTER LOGIN statement that has this combination of options will fail.
95
95
96
96
- Setting CHECK_POLICY = ON prevents the creation of passwords that are:
97
97
@@ -101,7 +101,11 @@ ms.author: vanto
101
101
102
102
- Any of the following: "password", "admin", "administrator", "sa", "sysadmin"
103
103
104
-
The security policy might be set in Windows, or might be received from the domain. To view the password policy on the computer, use the Local Security Policy MMC snap-in (**secpol.msc**).
104
+
The security policy might be set in Windows, or might be received from the domain. To view the password policy on the computer, use the Local Security Policy MMC snap-in (**secpol.msc**).
105
+
106
+
>[!NOTE]
107
+
>For SQL Server logins that have CHECK_POLICY enabled, if you run [ALTER LOGIN](../../t-sql/statements/alter-login-transact-sql.md) and do not include OLD_PASSWORD in the command to change the password, then [Enforce Password History](/windows/security/threat-protection/security-policy-settings/enforce-password-history) is ignored. This is a by-design behavior to allow password resets, despite any previously used passwords. Other checks associated with CHECK_POLICY, including length and complexity are checked regardless of whether OLD_PASSWORD is used.
0 commit comments