I had this question come up at work the other day and while I knew it was true I wasn’t as sure about why as I’d like. The person I was working with wanted a real answer, not just Because I say so, so off to the internet I went.
What I knew before I started:
- SQL doesn’t actually encrypt its passwords. It uses a password hash which isn’t as secure as true encryption.
- Using windows authentication allows for an easier separation of duties. A security team can handle the Active Directory users and passwords while all the SQL Server admin has to do is grant the existing ID necessary permissions.
A quick search on the internet took me here: Choosing an Authentication Mode. And if you go down to the section Connecting Through Windows Authentication it points out a few important things and then even farther down the section Disadvantages of SQL Server Authentication has a bit more. Then I found a couple of good forum questions here and here. In summary (and only discussing actual security features):
Continue reading on SQLStudies.com.