I'm not sure what is being asked now? There is no default password that I know of for every instance. I'm also not sure how strong the password is that is supplied during setup (with Windows only), but why do we care at this point? The advice is to create your own strong password for sa and disable the account if it is not being used.

Is there something I'm missing?