I've been asked by corporate security to review our Azure SQL Databases and find out if there are any SQL logins which have "short" passwords. I am not aware of a way to achieve this. I know I could alter the logins and force them to use the Windows password policy, but wouldn't this have the side effect of disabling the logins and making our applications fail?
Does anyone have a suggestion? T-SQL or PowerShell preferably.
Best Answer
Unfortunately (or fortunately), I believe there's no such query, and the reason is that there's no information about the password stored other than the hash of the password. If you query sys.sql_logins you'll see the column password_hash and, according to the doc, it contains the
Therefore, to know the size of the password you would have to decrypt those hashes to obtain the original password, and if that were possible, it would be a security issue by itself.
The Policy Enforcement doc can help you better understand the behavior of that change.
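As an added example (not part of the original answer), this read-only inventory shows what sys.sql_logins does expose for such a review: whether each login has password policy and expiration checks enabled, alongside the size of the stored hash. It assumes you are connected to the master database of the logical server with permission to view login metadata.

```sql
-- Added example: read-only review of SQL logins. Nothing is altered,
-- so no login is disabled or forced to change its password.
-- Assumption: executed in the master database of the logical server.
SELECT
    name,
    is_disabled,
    is_policy_checked,       -- 1 = password policy is checked for this login
    is_expiration_checked,   -- 1 = password expiration is checked for this login
    create_date,
    modify_date,             -- last change to the login, not necessarily a password change
    DATALENGTH(password_hash) AS password_hash_bytes  -- size of the stored hash, not of the password
FROM sys.sql_logins
ORDER BY is_policy_checked, name;
```

The password_hash_bytes column reports the size of the stored hash value only, so it cannot be used to tell a short password from a long one.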