Disable the sa account and leave it disabled.
For an admin account, create your own, windows authent or SQL authent, strong passwords, password policy, all the usual security steps
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability