Use these sp_passwordpolicy parameters to specify the minimum number of characters (digits, upper and lower characters, and so on) in a password:
min digits in password – the minimum number of digits in a password. Disabled by default. Valid values are:
0 through 16 – the minimum number of digits that must exist in a password.
-1 – the password cannot contain digits.
min alpha in password – the minimum number of alphabetic characters allowed in a password. This value must be at least the sum of minimum number of uppercase characters and minimum number of lowercase characters. Disabled by default. Valid values are:
0 through 16 – the minimum number of special characters required for a password.
-1 – the password cannot contain special characters.
min special char in password – the minimum number of special characters for a password. Valid values are:
0 through 16 – the minimum number of special characters required for a password.
-1 – the password cannot contain special characters.
min upper char in password – the minimum number of uppercase letters for a password. Disabled by default. Valid values are:
0 through 16 – the number of uppercase letters required for a password.
-1 – the password cannot contain uppercase characters.
min lower char in password – the minimum number of lowercase letters for a password. Valid values are:
0 through 16 – the number of uppercase letters required for a password.
-1 – the password cannot contain uppercase characters.
minimum password length – the minimum password length. You can set a minimum password length from 0 to 30. The value you specify with must be at least the sum of all other minimum requirements. For example, minimum password length must be set to at least 10 if you have set:
minimum digits in password to 3
minimum special characters in password to 2
minimum uppercase characters in password to 2
minimum lowercase characters in password to 3
password expiration – the number of days a password can exist before it expires. You specify this value on a global basis. Disabled by default. Valid values are:
0 – the password will never expire.
1 through 32767 – the number of days the password can exist without expiring.
password exp warn interval – the number of days before a password expires that the password expiration warning messages displays. These messages display with every successful login until the password is changed or it expires. This value must be less than or equal to the password expiration. Disabled by default.
Valid values are 0 to 365.
maximum failed logins – the maximum number of failed logins that can occur before the login is locked. Specify this value globally. Disabled by default. Valid values are:
0 – logins are never locked, regardless of the number of failed login attempts.
1 through 32767 – the number of failed logins that can occur before the login is locked.
expire login changes the login status to expired when a system security officer creates or resets a login. The login is then required to change the password on the first login. Disabled by default. Valid values are:
0 – new or reset logins will not expire.
1 – new or reset logins expire; you must reset your password at the first login.
See sp_passwordpolicy in the Reference Manual: Procedures.
