Following are brief descriptions of the information you manage while administering login IDs. This is summary information presented for quick reference purposes only. For more information about login IDs and how they act within the overall scheme of SQL Server security, see Chapter 8, Security Concepts.
Because a password is confidential, it does not appear on the screen when you type it. The default password is NULL. If you leave the password box empty, the login ID will not have a password associated with it. Passwords that include characters other than A through Z or a through z or that begin with 0 through 9 must be enclosed in quotation marks.
When using standard or mixed security, you should not use a NULL password. With integrated security, there is no need to maintain passwords. However, if you change to standard or mixed security, anyone can log in if there are no passwords, so it is a good idea to set random passwords.
If a default database is not assigned, the default database is master. It is recommended that you assign users to a default database other than master, to discourage users from creating database objects in the master database.
A database username can have as many as 30 characters. The characters can be alphanumeric, but the first character must be a letter or the symbols # or _. If you don't type a username, the username is the same as the user's login ID.
Aliases are often used so that several users can assume the role of database owner. Aliases can also be used to set up a collective user identity, within which the identities of individual users can be traced.
When a user is added to a database, if no group is specified, the user belongs to the public group.
For more information about database users, database aliases, and database groups, see Managing Database Users.