How to Change Passwords in SQL Server

Galaxy Glossary

How do I change a SQL Server login password?

ALTER LOGIN … WITH PASSWORD lets you change a SQL Server logins password, optionally validating the old password and enforcing policy rules.

Sign up for the latest in SQL knowledge from the Galaxy Team!

Description

ALTER LOGIN is the fastest, safest way to rotate SQL Server passwords without recreating logins or disrupting permissions.

Why use ALTER LOGIN instead of GUI?

Scripts are auditable, repeatable, and can be automated in CI/CD pipelinescritical in engineering-heavy teams.

What is the basic command?

Use ALTER LOGIN login_name WITH PASSWORD = 'newPwd'; The statement runs in <80 ms on most systems.

How do I change my password?

Connect with your login and supply OLD_PASSWORD for extra safety:

ALTER LOGIN CURRENT_USER WITH PASSWORD = 'N3wStr0ng!' OLD_PASSWORD = 'CurR3nt!';

How can an admin rotate another logins password?

Sysadmins skip OLD_PASSWORD:

ALTER LOGIN ecom_app WITH PASSWORD = 'Sup3rS3cur3!';

How do I enforce or skip password policy?

Add CHECK_POLICY = ON | OFF and CHECK_EXPIRATION = ON | OFF depending on compliance needs.

Can I force the user to change the password at next login?

Not directly. Combine ALTER LOGIN with ALTER LOGIN ... MUST_CHANGE in Windows Authentication or use AD.

Best practices for production databases

1) Always use strong, generated passwords. 2) Run GRANTs on new logins in a transaction. 3) Rotate secrets in the app config immediately after ALTER LOGIN completes.

Common mistakes to avoid

See the dedicated section below to keep outages away.

Need to verify the change?

Query sys.sql_logins:

SELECT name, password_last_set_time FROM sys.sql_logins WHERE name = 'ecom_app';

Why How to Change Passwords in SQL Server is important

How to Change Passwords in SQL Server Example Usage


-- Rotate the application login used by the Orders microservice
ALTER LOGIN ecom_app WITH PASSWORD = '2024_Spring#Repl';

-- Verify the timestamp updated
SELECT name, password_last_set_time
FROM sys.sql_logins
WHERE name = 'ecom_app';

How to Change Passwords in SQL Server Syntax


ALTER LOGIN <login_name>
    WITH PASSWORD = '<new_password>'
         [ OLD_PASSWORD = '<old_password>' ]
         [ MUST_CHANGE ]
         [ UNLOCK ]
         [ CHECK_POLICY = { ON | OFF } ]
         [ CHECK_EXPIRATION = { ON | OFF } ];

-- Ecommerce example
ALTER LOGIN ecom_app WITH PASSWORD = 'S3cUr3P@ss!' CHECK_POLICY = ON;

Common Mistakes

Skipping CHECK_POLICY when your server has policy enforcement ON. The login may fail future logins if the new password doesnt pass Windows rules. Always specify CHECK_POLICY = ON to inherit server settings, or OFF only when youre sure.
Forgetting to update application connection strings after the change. This causes sudden authentication errors. Deploy configuration changes immediately or use a secret manager to sync passwords.

Frequently Asked Questions (FAQs)

Does ALTER LOGIN disconnect active sessions?

No. Existing connections stay alive. Only new connections require the new password.

Can I change passwords for contained database users?

No. Use ALTER USER WITH PASSWORD inside the contained database instead.

Is the password stored in plain text?

Never. SQL Server hashes the password before storing it in sys.sql_logins.

Want to learn about other SQL terms?

dbt tests

dbt tests are declarative assertions in dbt that automatically validate data quality during model builds.

dbt utils

dbt utils is a community-maintained dbt package that adds time-saving utility macros for analytics engineers, such as generating surrogate keys, safely unioning models, and automating date spines.

dbt Tutorial Glossary: Build, Test & Deploy SQL Models

dbt is an open-source framework that lets data teams transform raw warehouse tables into tested, documented, production-ready datasets using version-controlled SQL.

Trusted by top engineers on high-velocity teams

Assort Health

Curri

Rubie