• Why not use NT Authentication?

    That would let you use all the current enterprise tools for maintaining and controlling passwords (such as expiration, min length, etc).

    Yes, you need to manage the passwords that unattended applications use (user applications can just log in as the user), but you'd have to do that anyway with SQLAuth.

    Jtango brings up a good point -- it's much better to use a long pass-phrase (or even sentence) than a short one.  If your password is < 14 letters, there is the chance that Windows will accept an NTLM hash (which is completely dictionaried; given the hash [the part that is sent over the network], they can just look up a valid password for that hash).  Though I'm not sure what effect the "word<sp>word<sp>word" pattern or the generally low-entropy-per-length has on the hash value.
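An added illustration of the 14-character point (example code written for this page, not part of the comment above or of any Windows component). The 14-character cutoff comes from the LM hash that older Windows versions keep beside the NT hash for compatibility: the password is uppercased, NUL-padded to 14 bytes, split into two 7-byte halves, and each half is used as a DES key on its own. The code below reproduces that input preparation and the 7-to-8-byte DES key expansion (no DES encryption is run), then estimates what an attacker faces for a short random password versus a "word word word" pass-phrase. Assumed and labelled as such: a 69-character LM alphabet, a 7776-word diceware-style list, a 95-character random-password alphabet, and that the LM hash is still stored for passwords of 14 characters or fewer (the default the discussion is about).

```python
"""Why a pass-phrase over 14 characters beats a short, complex password on
Windows: structure of the LM hash input plus a rough entropy comparison.
Example code for this page only; constants below are assumptions."""
import math

LM_MAX_LEN = 14        # LM hashes exist only for passwords up to 14 characters
LM_HALF = 7            # each half is turned into a DES key independently
LM_CHARSET = 69        # assumption: printable ASCII minus lowercase (LM uppercases)
RANDOM_CHARSET = 95    # assumption: printable ASCII for a "random" password
DICEWARE_WORDS = 7776  # assumption: 6^5-word list for "word word word" phrases


def lm_halves(password):
    """Prepare the LM input: uppercase, NUL-pad to 14 bytes, split into two 7-byte seeds."""
    if len(password) > LM_MAX_LEN:
        raise ValueError("longer than 14 chars: Windows stores no LM hash for this password")
    pw = password.upper().encode("ascii", "replace").ljust(LM_MAX_LEN, b"\x00")
    return pw[:LM_HALF], pw[LM_HALF:]


def des_key_from_7(seed):
    """Expand 7 bytes (56 bits) into the 8-byte DES key LM uses: 7 key bits per
    byte, low bit set to give odd parity. An all-NUL half yields 01 01 01 ... 01."""
    bits = int.from_bytes(seed, "big")
    key = bytearray()
    for i in range(8):
        seven = (bits >> (49 - 7 * i)) & 0x7F
        parity = 0 if bin(seven).count("1") % 2 else 1
        key.append((seven << 1) | parity)
    return bytes(key)


def half_search_bits(half):
    """Brute-force work for one LM half: only the non-NUL positions carry choice,
    so a half that is mostly padding is recovered almost for free."""
    n = len(half.rstrip(b"\x00"))
    return n * math.log2(LM_CHARSET)


def lm_effective_bits(password):
    """Attacker cost for an LM hash: the halves are attacked independently, so the
    search spaces add rather than multiply. This is the ceiling (about 43 bits)
    that makes the full LM space precomputable regardless of password quality."""
    a, b = lm_halves(password)
    return math.log2(2 ** half_search_bits(a) + 2 ** half_search_bits(b))


def random_password_bits(length, charset=RANDOM_CHARSET):
    """Nominal entropy of a uniformly random password of the given length."""
    return length * math.log2(charset)


def passphrase_bits(n_words, wordlist=DICEWARE_WORDS):
    """Nominal entropy of n words drawn from the list. The spaces and the
    'word word word' pattern add nothing: the attacker knows the format."""
    return n_words * math.log2(wordlist)


def attacker_bits(password, nominal_bits):
    """What the attacker actually has to search: the password's own entropy when
    only the NT hash exists (>14 chars), otherwise the cheaper of that and the
    LM ceiling."""
    if len(password) > LM_MAX_LEN:
        return nominal_bits
    return min(nominal_bits, lm_effective_bits(password))


if __name__ == "__main__":
    # Constructed sample inputs for illustration.
    for pw, nominal in [
        ("Tr0ub4dor&3", random_password_bits(11)),            # short, "complex"
        ("cat dog fox", passphrase_bits(3)),                   # short pass-phrase, LM still stored
        ("correct horse battery staple", passphrase_bits(4)),  # >14 chars: NT hash only
    ]:
        halves = lm_halves(pw) if len(pw) <= LM_MAX_LEN else None
        print(f"{pw!r:32} len={len(pw):2} nominal={nominal:5.1f} bits "
              f"attacker={attacker_bits(pw, nominal):5.1f} bits LM halves={halves}")
```

The ceiling is the point the comment is circling: for anything of 14 characters or fewer the LM hash caps the attacker's work at roughly 2^43 regardless of how the password was chosen, and a NUL-padded second half drops it further. Above 14 characters only the NT hash exists, and the attacker faces the pass-phrase's own entropy, which for four dictionary words is already past the LM ceiling. The hash itself does not "see" the word pattern; the loss is that the attacker can assume it.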