0

I am doing a mini project on a bank account. The front end is ASP.NET and the back end is SQL Server.
When a person creates an account, an auto-generated account number and password would be saved in the database, and that account number and password would be sent to the email id of that user, so that the user can sign in with the provided account number and password.

So my question is how to auto-generate that account number and password. I am not getting how to do that.

Hoping for the best. Thank You!

user2758530

2 Answers

2

First off, allow them to create their own password and HASH that bugger. Don't email their password EVER. Email a link to reset if necessary, and expire the link shortly after sending.

Second, to generate an account number, I'd use a Guid:

var accountNumber = Guid.NewGuid();

In your database, you store the Hash version of the password, and upon login, you hash the login password and compare it against the database hash.

Also in the database, the Account number would be a UniqueIdentifier if you do choose to use a Guid.

Chase Florell
0

Here is the most random way I can think of:

Select NewID() as UserName, NewID() as Password

Of course, your users aren't going to like this because it is really very long:

UserName                             Password
------------------------------------ ------------------------------------
F050EF1A-1D6C-4A20-991C-F6B034AEBD2E 86C8D5FC-D09E-45FF-9A4F-041239082C5E

So let's shorten it to 8 characters:

Select 
    SubString (Cast (NewID() as VarChar(50)), 1, 8) as UserName, 
    SubString (Cast (NewID() as VarChar(50)), 1, 8) as Password

This looks better:

UserName Password
-------- --------
63B1A547 D5566B8C

Since you want this to be generated when the row is saved, you probably have an INSERT statement that puts the account owner's information into the database. Modify that particular line of code to do this insert as well:

Insert Into AccountTable (UserName, Password)
Select 
    SubString (Cast (NewID() as VarChar(50)), 1, 8) as UserName, 
    SubString (Cast (NewID() as VarChar(50)), 1, 8) as Password

Of course, since you know the account owner's name, you can query back to get the owner. A much better idea is to have an identity column on the table, and use Scope_Identity to get the row you just inserted.

Raj More
  • [Guids are NOT secure enough to use for passwords](http://stackoverflow.com/a/3653032/163495). They are both predictable, and increase the chance of brute forcing by using a significantly reduced character set (16 possible characters only!) – Richard Oct 08 '13 at 17:55
  • @Richard, the OP is doing a mini project where he is **emailing** the username and password. If it were to be a serious undertaking, the parameters would be pretty stringent, just like you're saying - HTTPS, one way Hash storage, encrypted web services.. you name it! – Raj More Oct 08 '13 at 17:59
  • The OP might be asking for something without the full understanding of consequences. If this is just a little hack project, your hack answer will suffice, but if this is *actually* dealing with banking (at any level), this answer could lead someone down a VERY wrong path. /cc @Richard – Chase Florell Oct 08 '13 at 18:52
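
The first answer's advice (store only a hash of the password, email an expiring reset link instead of a password) and Richard's point that Guids are not suitable secrets, shown as an added C# example that is not code from the question or from either answer. It assumes .NET 6 or later; `AccountSecurity` and its method names are hypothetical, and the sample password is constructed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Added example; names are hypothetical. Assumes .NET 6 or later.
public static class AccountSecurity
{
    const int SaltSize = 16, HashSize = 32, Iterations = 600_000; // tune Iterations to your hardware

    // Returns "iterations.salt.hash"; store this string, never the password itself.
    public static string HashPassword(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashSize);
        return $"{Iterations}.{Convert.ToBase64String(salt)}.{Convert.ToBase64String(hash)}";
    }
    // Re-derives the hash with the stored salt and compares in constant time.
    public static bool VerifyPassword(string password, string stored)
    {
        string[] p = stored.Split('.');
        if (p.Length != 3 || !int.TryParse(p[0], out int iterations) || iterations <= 0) return false;
        byte[] expected = Convert.FromBase64String(p[2]);
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(password, Convert.FromBase64String(p[1]), iterations, HashAlgorithmName.SHA256, expected.Length);
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }
    // Reset-link token: 32 CSPRNG bytes (not a Guid). Email Token; store only TokenHash and ExpiresUtc.
    public static (string Token, string TokenHash, DateTime ExpiresUtc) NewResetToken(TimeSpan lifetime)
    {
        string token = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        return (token, HashToken(token), DateTime.UtcNow.Add(lifetime));
    }

    public static string HashToken(string token) =>
        Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(token)));

    // A token is accepted only before its expiry and only if its hash matches the stored one.
    public static bool IsResetTokenValid(string presented, string storedHash, DateTime expiresUtc, DateTime nowUtc) =>
        nowUtc < expiresUtc && CryptographicOperations.FixedTimeEquals(
            Encoding.ASCII.GetBytes(HashToken(presented)), Encoding.ASCII.GetBytes(storedHash));

    public static void Main()
    {
        string stored = HashPassword("correct horse battery staple"); // constructed sample input
        Console.WriteLine(VerifyPassword("correct horse battery staple", stored));
        Console.WriteLine(VerifyPassword("wrong guess", stored));
        var reset = NewResetToken(TimeSpan.FromMinutes(15));
        Console.WriteLine(IsResetTokenValid(reset.Token, reset.TokenHash, reset.ExpiresUtc, DateTime.UtcNow));
        Console.WriteLine(IsResetTokenValid(reset.Token, reset.TokenHash, reset.ExpiresUtc, DateTime.UtcNow.AddMinutes(16)));
    }
}
```

The stored password string and the reset-token hash are what go into the SQL Server row; the plaintext password and the raw token never do.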