If you are on a domain the most secure method is to use Windows Authentication only when you install SQL Server. If you have to have mixed authentication, you shouldn't rename sa, but you should disable it. You should still use domain accounts for DBA's, I actually recommend that this be a different account than your normal domain account, which you use only for doing DBA work. This way when you are logged in to your workstation with your regular account for email, etc... you aren't exposed if your workstation gets compromised.
Jack Corbett
Consultant - Straight Path Solutions
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question