This rule checks the registry to report the login security configuration of an instance of SQL Server when it is running on Windows XP, Windows Server 2003, or Windows 2000.
Best Practices Recommendations
When possible, use Windows Authentication.
Windows Authentication uses Kerberos security protocol, provides support for account lockout, and supports password expiration. For Windows Server 2003, Windows Authentication also provides password policy enforcement in terms of complexity validation for strong passwords.
For More Information