If I can’t use PWDENCRYPT, how am I supposed to use HASHBYTES?

For this week, here is a short post about reinventing the wheel. An interesting conversation happened on Twitter where Dave Dustin asked:

“Does anybody have an example of using HASHBYTES() to replace PWDENCRYPT() per the documentation that the latter is deprecated?” – Dave Dustin

Dave is referring to the Microsoft Docs page for PWDENCRYPT(), which

What is a strong password anyway?

Background

Fellow Microsoft MVP Troy Hunt (blog | Twitter) has been operating the website Have I Been Pwned (HIBP) for a number of years now. For the record, “pwned” is pronounced like “owned” but with a “p” in front of it. Don’t use the term in public unless you’re in a room full of information security

How to really store a password in a database

Recently I wrote: Don’t store passwords in a database. I stand by this statement. I expected a lot of flak because I didn’t explain myself. This post goes into a bit of an explanation of my position, as well as how to go about storing something in a database that can be used for authenticating