paul.knibbs (1/14/2014)
Jeff Moden (1/13/2014)
Unless someone changed it, the SA password is the one used when SQL Server was installed.
But you're not asked to specify an SA password during setup if you select Windows authentication, are you? :unsure:
Exactly, I know the risk is small, but if the instance was placed in Mixed Mode and the sa account enabled (by mistake, or a script, or something), how secure is the password? Is it easy to reverse? Is it as secure as a SHA-256 one way hash function? Am I worrying unnecessarily about vanishingly small probabilities of edge cases?