• After switching to mixed mode, it's good practice to set a new, secure password for the SA account; the default password is insecure (I also don't know what the default password is). If you don't want to use the SA account, just keep the account disabled as it was.

    Just as this article explains, the old versions of SQL Server 2008/2005/2000 use only the SHA1 hashing algorithm to encrypt the password, whereas SQL Server 2014/2012 have moved to a stronger algorithm, SHA512.

    Additionally, you can enable the password policy for your SQL Server account, which causes the account to lock automatically after a certain number of invalid logon attempts.
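
The checks and settings described above, written out as T-SQL. This is an added example, not part of the original post. It assumes SQL Server 2012 or later (for the `PasswordHashAlgorithm` property), and the password shown is a placeholder.

```sql
-- 1. Audit every SQL-authenticated login: is the password policy enforced,
--    is the login locked, and which hash algorithm protects its password?
--    A login carried over from an older instance keeps its SHA-1 hash
--    until its password is set again on the newer version.
SELECT
    sl.name,
    sl.is_disabled,
    sl.is_policy_checked,       -- 1 = CHECK_POLICY = ON
    sl.is_expiration_checked,   -- 1 = CHECK_EXPIRATION = ON
    CASE CAST(LOGINPROPERTY(sl.name, 'PasswordHashAlgorithm') AS int)
        WHEN 0 THEN 'SQL 7.0 algorithm'
        WHEN 1 THEN 'SHA-1'
        WHEN 2 THEN 'SHA-2 (SHA-512)'
        ELSE 'unknown'
    END                                            AS hash_algorithm,
    LOGINPROPERTY(sl.name, 'IsLocked')             AS is_locked,
    LOGINPROPERTY(sl.name, 'BadPasswordCount')     AS bad_password_count,
    LOGINPROPERTY(sl.name, 'PasswordLastSetTime')  AS password_last_set
FROM sys.sql_logins AS sl
ORDER BY sl.is_policy_checked, sl.name;

-- 2. If SA will be used: set a new password (placeholder below), which also
--    re-hashes it with the current algorithm, and enforce the password policy.
--    With CHECK_POLICY = ON the lockout threshold comes from the Windows
--    account lockout policy of the host or domain.
ALTER LOGIN [sa] WITH PASSWORD = N'<new-strong-password>';
ALTER LOGIN [sa] WITH CHECK_POLICY = ON;

-- 3. If SA will not be used: leave it disabled.
ALTER LOGIN [sa] DISABLE;

-- 4. Confirm the result for SA.
SELECT name, is_disabled, is_policy_checked
FROM sys.sql_logins
WHERE name = N'sa';
```

Run step 2 or step 3, not both, depending on whether the SA account is needed.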