SQL Server Local Account Passwords
Issue
Weak passwords are one of the main causes of security breaches. Examples of weak passwords are names of children or pets, or common words found in the dictionary, such as "happy."
It is outside the scope of this tool to check for all possible weak passwords on Microsoft® SQL Server™ accounts. Rather, this tool only checks for a few commonly used weak passwords as outlined below:
- Password is blank.
- Password is the same as the user account name.
- Password is the same as the machine name.
- Password uses the word "password."
- Password uses the word "sa."
- Password uses the word "admin" or "administrator."
This check also notifies you of any accounts that have been disabled or are currently locked out.
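The same conditions can be checked by hand with a query such as the following. This is an added example, not the tool's own code. It assumes SQL Server 2005 or later (for sys.sql_logins and LOGINPROPERTY) and a login permitted to read password hashes, and it tests each listed word as the exact, case-sensitive password.

```sql
-- Added example: audit SQL Server logins for the weak passwords listed above.
-- Assumptions: SQL Server 2005 or later; run as a login that can read
-- password_hash in sys.sql_logins (for example, a sysadmin member).
-- PWDCOMPARE returns 1 when the clear-text candidate matches the stored hash.
WITH fixed_candidates (candidate, finding) AS (
    SELECT N'',              N'password is blank'            UNION ALL
    SELECT N'password',      N'password is "password"'       UNION ALL
    SELECT N'sa',            N'password is "sa"'             UNION ALL
    SELECT N'admin',         N'password is "admin"'          UNION ALL
    SELECT N'administrator', N'password is "administrator"'  UNION ALL
    -- Machine name as reported by the server, plus a lower-case variant,
    -- because the comparison is case-sensitive.
    SELECT CAST(SERVERPROPERTY('MachineName') AS nvarchar(128)),
           N'password is the machine name'                   UNION ALL
    SELECT LOWER(CAST(SERVERPROPERTY('MachineName') AS nvarchar(128))),
           N'password is the machine name'
)
-- Fixed candidate words and the machine name.
SELECT l.name AS login_name, c.finding AS finding
FROM sys.sql_logins AS l
JOIN fixed_candidates AS c
  ON PWDCOMPARE(c.candidate, l.password_hash) = 1

UNION
-- Password equal to the login's own name.
SELECT l.name, N'password is the account name'
FROM sys.sql_logins AS l
WHERE PWDCOMPARE(l.name, l.password_hash) = 1

UNION
-- Disabled logins.
SELECT l.name, N'login is disabled'
FROM sys.sql_logins AS l
WHERE l.is_disabled = 1

UNION
-- Logins currently locked out by password policy.
SELECT l.name, N'login is locked out'
FROM sys.sql_logins AS l
WHERE LOGINPROPERTY(l.name, 'IsLocked') = 1

ORDER BY login_name, finding;
```

An empty result means no SQL login matched any of the listed conditions; it says nothing about other weak passwords, which remain outside what this check covers.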
Solution
Set a complex password on all local SQL Server accounts. Follow the recommendations for strong passwords contained in the articles referenced in the Additional Information section.
Additional Information
Implementing Guidelines for Strong Passwords
Assigning an sa Password
©2002-2004 Microsoft Corporation. All rights reserved.