I’ve written previously about auditing or cracking SQL Server login passwords either online (inside the instance itself) or offline (exporting the hashes and using a specialized cracking tool).
Last week, Microsoft’s Pieter Vanhove published a blog post that covers What’s new in SQL Server 2025 security.
This is one of the few instances in which I’d prefer things be slower in the database.