Having Integrated Security set to True or SSPI means that a user will be able to login to a database using their Windows login information.
This means that if someone would login with domain\username MYCOMPANY\username and their password on their computer the database will recognize this user as logged in at a
domain controller[
^]. This is of course easy for the user as SQL Server recognizes them and the user doesn't have to log in again. Of course this is absolutely safe since a hacker would only be able to login if they were actually on the same domain as the user.
A downside to this is that if the user is not currently logged in to the domain they have no way of accessing the database by Integrated Security. In this case a username and password will be necessary (and Integrated Security is false). Luckily the two don't rule each other out.
So when you can you should try to log in using Integrated Security. Of course users should have permission for this.
Read here for more information[
^]. So as you can see it's not a question of "what's better", but "what is more suited for the current situation". You will see when you login to SQL Server you get a login form asking you if you want to login using Windows Authentication (Integrated Security) or SQL Server Authentication (username/password combination). Now you make the decision what you need :)
Submit an article or tip