From a SQL Server standpoint, SQL Server passwords are inherently less secure than Windows authentication; you can use a brute force/dictionary attack to attempt to get SQL Server access. Windows Authentication means you've logged in securely on the domain, so you are able to pass a trusted token around instead of exposing your password.
SQL authentication is disabled, by default, on a new SQL installation for that specific security reason.
Ohh ... but both my accounts are domain accounts. With one account, I can access email, internet, etc., but not SQL Server. With another account, I can access SQL Server, and the internet as well, but not emails.
So my thoughts here are: when there's an issue, I would log in to domain account #1 and read my emails / problems. Then I'd log off and log on to domain account #2 to get to MSSQL to fix the issue. And if there are follow-up emails that I may need, then I'll log out of domain account #2 and log on to domain account #1 to get the emails ... and back and forth. And on the same machine!!!
So here I am wondering ... how viable is that plan? And what are the possibilities that virus / malware transmits from desktop through SSMS to MSSQL server?
I agree it could be a little of both. Many shops use two accounts in AD - one admin level account and one is a user level account. AV software and malware detection software should help with the malware concern.
Ohh ... my "secure" account doesn't have any groups - only Domain User. So it's not an admin account whatsoever. It's just that the username is being added as sysadmin in MSSQL.
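
An added example, not part of the original thread: a T-SQL audit for the two points discussed above, namely whether the instance accepts SQL logins at all and which principals hold sysadmin. It uses only standard catalog views and assumes the caller may view server-level metadata (for example, a sysadmin member).

```sql
-- 1. Authentication mode of the instance.
--    IsIntegratedSecurityOnly = 1 means Windows Authentication only;
--    0 means mixed mode, so SQL logins (and password guessing against
--    them) are possible.
SELECT CASE SERVERPROPERTY('IsIntegratedSecurityOnly')
           WHEN 1 THEN 'Windows Authentication only'
           ELSE 'Mixed mode (SQL logins accepted)'
       END AS auth_mode;

-- 2. SQL logins that exist, and whether the Windows password policy
--    and expiration are enforced for each of them.
SELECT name,
       is_disabled,
       is_policy_checked,
       is_expiration_checked
FROM sys.sql_logins
ORDER BY name;

-- 3. Every member of the sysadmin fixed server role.
--    type_desc separates WINDOWS_LOGIN / WINDOWS_GROUP from SQL_LOGIN,
--    so a domain account with no AD group memberships still shows up
--    here if it was added to sysadmin directly.
SELECT p.name,
       p.type_desc,
       p.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r
     ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS p
     ON p.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY p.type_desc, p.name;
```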