Where I work, we require that a SQL login be created by the DBAs. We require that the password be 10 characters long and have 2 symbols, 2 upper case, 2 lower case and 2 numbers. We then must hand deliver the password and username to the developers if they are in our building or drive it to them if they are nearby, when that fails by phone is acceptable. We also store our passwords in Password Safe.

All in all, this has worked well for us. Only problem is it leaves a physical copy of the password in the hands of the developer which may not be best.