Get Free Tips
MSSQLTips.com
Home » SQL Server stored procedure to generate random passwords
TSQL

SQL Server stored procedure to generate random passwords

written by Brent Shaub 0 comments

Problem

SQL Server is used to support many applications and one such feature of most applications is the storage of passwords.  Sometimes there is a need to reset a password using a temporary password or generate a random password for a new user.  In this tip I cover a simple stored procedure to generate random passwords that can be incorporated into your applications.

Solution

The following stored procedure creates strings of random characters based on four parameters that configure the result.

  1. LEN – specifies the length of the result (required)
  2. MIN – sets the starting ASCII code (optional: defaults to “48”: which is the number zero)
  3. RANGE – determines the range of how many ASCII characters to include (optional: defaults to “74”  (48 + 74 = 122) where 122 is a lowercase “z”)
  4. EXCLUDE – a string of characters to exclude from the final output (optional: defaults include zero, capital “O”, and these punctuation marks :;<=>?@[]`^\/)

Here is the stored procedure:

create proc [dbo].uspRandChars

    @len int,

    @min tinyint = 48,

    @range tinyint = 74,

    @exclude varchar(50) = ‘0:;<=>?@O[]`^\/’,

    @output varchar(50) output

as

    declare @char char

    set @output = ”


    while @len > 0 begin

       select @char = char(round(rand() * @range + @min, 0))

       if charindex(@char, @exclude) = 0 begin

           set @output += @char

           set @len = @len – 1

       end

    end

;

go

To use the stored procedure issue commands such as the following.

declare @newpwd varchar(20)




— all values between ASCII code 48 – 122 excluding defaults

exec [dbo].uspRandChars @len=8, @output=@newpwd out

select @newpwd




— all lower case letters excluding o and l

exec [dbo].uspRandChars @len=10, @min=97, @range=25, @exclude=’ol’, @output=@newpwd out

select @newpwd




— all upper case letters excluding O

exec [dbo].uspRandChars @len=12, @min=65, @range=25, @exclude=’O’, @output=@newpwd out

select @newpwd




— all numbers between 0 and 9

exec [dbo].uspRandChars @len=14, @min=48, @range=9, @exclude=”, @output=@newpwd out

select @newpwd

Here is sample output from the above commands:

sample random password output

Next Steps

  • Unsure what ASCII codes to use, refer to this list of ASCII codes
  • See where this procedure can be used in your application. Some examples include users inviting their friends or generating a new password by request or as a temporary replacement.
  • Determine your environment’s security policy including password length and valid characters.
  • Implement your password policy in the parameters.

mssqltips white logo

MSSQLTips.com delivers SQL Server resources to solve real world problems for DBAs, Architects, DevOps Engineers, Developers, Analysts, Cloud and Business Intelligence Pros – all for free. The content we serve is all human written and based on our authors’ real-world experience. Check out tips, articles, scripts, videos, tutorials, live events and more all related to SQL Server on-premises and in the cloud.

Resources

Community

Subscribe

Be a better SQL Server Professional – Join MSSQLTips.com

Copyright (c) 2006-2025 Edgewood Solutions, LLC All rights reserved
Facebook X-twitter Rss Envelope Linkedin
Copyright (c) 2006-2025 Edgewood Solutions, LLC All rights reserved
sql server 2025 guide