• Steve Jones - SSC Editor (1/14/2014)

    Is there something I'm missing?

    I think Patrick noted it. It's set to an empty string if not specified during install. If I remember the install for 2012 correctly, if you do not choose mixed mode, no pwd is entered.

    This is a bad idea. Personally I'd say always choose mixed mode, enter a random password if you don't need it, and then change to Windows only once you complete the install.

    Well, it is correct that entering your own password is the best idea.

    But I can also assure you that SQL Server does NOT use an EMPTY password for the sa account by default during setup. This was prohibited since 2000 SP4 if I am not mistaken.

    And since 2005 and up to now, if you do not specify mixed mode, SQL Server will auto-generate a RANDOM password - not a default password. Microsoft actually did learn from some mistakes (not looking at Oracle with "ORA", am I? ;-D )

    And just for completeness: Yes, SQL Server onwards uses 256 bit SHA2 for hashing, while SQL 2008/R2 used SHA1 with 160 bits. So complexity does matter.

    Andreas

    ---------------------------------------------------
    MVP SQL Server
    Microsoft Certified Master SQL Server 2008
    Microsoft Certified Solutions Master Data Platform, SQL Server 2012
    www.insidesql.org/blogs/andreaswolter
    www.andreas-wolter.com
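
To check an existing instance against the points raised in this thread (authentication mode, state of the sa login, blank passwords), a query along these lines can be run. It is an added example, not part of either post, and it assumes a login with CONTROL SERVER so that `password_hash` is visible.

```sql
-- Added audit example (not from the thread).
-- Requires CONTROL SERVER / sysadmin, otherwise password_hash is returned as NULL.

-- 1 = Windows authentication only, 0 = mixed mode
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- One row per SQL-authenticated login; sa is identified by its fixed SID 0x01,
-- so the check still works if the login has been renamed.
SELECT
    name,
    CASE WHEN sid = 0x01 THEN 1 ELSE 0 END   AS is_sa,
    is_disabled,
    is_policy_checked,                        -- Windows password policy enforced
    is_expiration_checked,
    PWDCOMPARE('', password_hash)             AS has_blank_password,   -- 1 = empty password
    PWDCOMPARE(name, password_hash)           AS password_equals_name, -- 1 = password same as login name
    SUBSTRING(password_hash, 1, 2)            AS hash_format           -- 0x0100 = pre-2012 format, 0x0200 = 2012 and later
FROM sys.sql_logins
ORDER BY is_sa DESC, name;
```

Any row with `has_blank_password = 1` or `password_equals_name = 1` should get a new password, and a `hash_format` of `0x0100` on a 2012 or later instance means the hash was carried over from an older version and is only upgraded when the password is next changed.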