Username and Password in SQL Server

User Names and passwords are saved in sys.syslogins table of Master DB but SQL Server doesn’t save passwords in plain or encrypted form for the obvious purpose of Security. When you query sys.syslogins table, it will return an un-readable string in password field. Passwords are saved in hashes and because they are one way hashes hence they can’t be reversed. We can use pwdcompare to compare password hashes and can identify a user but can never return a plain password string. This query might help.

SELECT * FROM sys.syslogins WHERE pwdcompare(‘somepassword’, password) = 1

Leave a Reply

Your email address will not be published. Required fields are marked *