• Thanks. Always good to read articles about security.

    In our case we have a strong password for the sa account. To keep track of all the DBA activities, we use personal administrator accounts for several DBAs.

    Windows-only authentication is not an option for us. The database administrators' rights are of less concern than all the users being capable of logging in, with or without Windows authentication, with a lot of tools other than the application for which the database is used in the first place.

    We have built our own software with a built-in password scrambler. So the password you use to connect to the database is different from the one you type in at connect time. That's our solution to keep all those end users out of the database. So in no way Windows authentication for us!