We have quite a few software packages running on SQL Server here. It is amazing when a tech. person comes to install their app. and they either create or already have an extremely simple ID with a matching password or one letter password. AND or use 'sa' or grant 'sa' rights to a new ID..... When I question this and or say I want a different password assigned to the ID they look at me like I have two heads....

 Personally, I believe Microsoft needs to really change the thinking about security in SQL Server as with it being so open today small companies do this type of stuff and some of this poor security we are stuck with due to the design of the application. I know some of this has been addressed in SS2005 but I am not sure how much nor to what degree either.