Loss of Login Password

If a user who has key copies encrypted by his or her login password loses that password, the key custodian can recover access for the user.

For example, if the user “bill”, who has key copies encrypted by his login password, loses his login password, you can recover his access to encryption keys with these steps:

The SSO uses alter login to issue “bill” a new login password. SAP ASE drops any key copies assigned to “bill” for login association or key copies already encrypted by “bill”’s login password.
The key custodian follows the regular procedure for setting up key encryption by login association. He verifies that the master key or the system encryption password was set, and creates a key copy for “bill":
```
alter encryption key k1 
     with passwd 'masterofsecrets' 
     add encryption for bill 
     for login_association
```
This step assumes the key custodian still knows the base key’s password. If the key’s encryption password is unknown, the key custodian must first follow the key recovery procedure.
The next time “bill” accesses data encrypted by k1, SAP ASE reencrypts the key copy for "bill" using the new login password for “bill”. For example, if emp_salary is encrypted by key k1, the following statement automatically reencrypts the key copy for “bill” with his login password:
```
select emp_salary from emp 
     where name like 'Prisicilla%'
```