
'sa' password change in SQL Server 2008


When I tried to connect (with the 'sa' login) to our SQL Server, I got an error message about an invalid password. I tried again and again, with the same result. So, I reconnected to the SQL Server in Windows authentication mode and reset the password of 'sa', but the question is whether somebody could remotely change the 'sa' password? Thanks,

Ilan.


Solution

  • Yes, the sa account's password can be changed remotely. That is, if someone already knows the sa password, they can log in with it, execute "ALTER LOGIN [sa] WITH PASSWORD = 'new password'" and bada bing, the password is changed. Moreover, anyone with the ALTER ANY LOGIN permission on the server would be able to do the same.
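
To see when the sa password was last set and which principals are in a position to change logins on a given instance, the T-SQL below can be run from a Windows-authenticated sysadmin session. It is an added example, not part of the original answer; it goes slightly beyond the answer by also listing CONTROL SERVER grantees and members of the sysadmin and securityadmin fixed server roles, and it uses only catalog views and LOGINPROPERTY options available from SQL Server 2005 onward.

```sql
-- 1. State of the sa login: last password change and failed-login counters.
--    sa is matched by SID 0x01 so the query still works if the login was renamed.
SELECT  sl.name,
        sl.is_disabled,
        sl.modify_date,
        LOGINPROPERTY(sl.name, 'PasswordLastSetTime') AS password_last_set,
        LOGINPROPERTY(sl.name, 'BadPasswordCount')    AS bad_password_count,
        LOGINPROPERTY(sl.name, 'BadPasswordTime')     AS last_bad_password,
        LOGINPROPERTY(sl.name, 'IsLocked')            AS is_locked
FROM    sys.sql_logins AS sl
WHERE   sl.sid = 0x01;

-- 2. Principals explicitly granted server-level permissions that allow
--    altering logins (class 100 = server scope; G = GRANT, W = GRANT WITH GRANT).
SELECT  p.name            AS grantee,
        p.type_desc,
        sp.permission_name,
        sp.state_desc
FROM    sys.server_permissions AS sp
JOIN    sys.server_principals  AS p
        ON p.principal_id = sp.grantee_principal_id
WHERE   sp.class = 100
  AND   sp.permission_name IN (N'ALTER ANY LOGIN', N'CONTROL SERVER')
  AND   sp.state IN ('G', 'W')
ORDER BY sp.permission_name, p.name;

-- 3. Members of the fixed server roles that carry those rights implicitly.
SELECT  r.name       AS role_name,
        m.name       AS member_name,
        m.type_desc,
        m.is_disabled
FROM    sys.server_role_members AS rm
JOIN    sys.server_principals   AS r
        ON r.principal_id = rm.role_principal_id
JOIN    sys.server_principals   AS m
        ON m.principal_id = rm.member_principal_id
WHERE   r.name IN (N'sysadmin', N'securityadmin')
ORDER BY r.name, m.name;
```

A password_last_set value that does not match any change you made yourself, or an unexpected name in the second or third result set, is the thing to follow up on.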