Information
Contained databases do not enforce password complexity rules for SQL Authenticated users.
The absence of an enforced password policy may increase the likelihood of a weak credential being established in a contained database.
Solution
Leverage Windows Authenticated users in contained databases.
Impact:
While contained databases provide flexibility in relocating databases to different instances and different environments, this must be balanced with the consideration that no password policy mechanism exists for SQL Authenticated users in contained databases.