• In SQL Server 2000 it used to be best practice to set the owner of all databases to the sa account.

    With the introduction of database ownership chains this is no longer a safe thing to do. A user with database owner rights in a user database that is owned by sa will get elevated privileges in the master database that could allow them to hack your system.

    My understanding of current best practice is to set the db owner of all user databases to a named account that has low privileges. The account can even be set to disabled in SQL Server, to prevent anyone using it.

    If you have some user databases in an ownership chain, then these databases should have an owner account that is different to all databases not in that chain.

    The FineBuild Reference document has a section on how to set up a database owner account with low privileges and change your user databases to use this account. The FineBuild scripts can do this for you automatically as part of a SQL Server install.

    Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017, 2016, 2014, 2012, 2008 R2, 2008 and 2005.

    When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara
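
The approach described in the post above, as an added T-SQL example (not the FineBuild script and not code from the original poster): audit who owns each user database, create a disabled low-privilege owner login, and move sa-owned databases to it. The login name `DbOwnerLowPriv` is hypothetical, and databases with cross-database chaining enabled are skipped because the post says they need a separate owner of their own.

```sql
USE master;
GO
-- 1. Audit: owner and chaining-related settings of every user database.
SELECT d.name,
       SUSER_SNAME(d.owner_sid) AS owner_login,
       d.is_db_chaining_on,      -- cross-database ownership chaining enabled
       d.is_trustworthy_on       -- TRUSTWORTHY setting, reported for review
FROM sys.databases AS d
WHERE d.database_id > 4          -- skip master, tempdb, model, msdb
ORDER BY d.name;
GO
-- 2. Create the owner login (hypothetical name) with a throwaway random
--    password, then disable it so nobody can connect with it.
IF SUSER_ID(N'DbOwnerLowPriv') IS NULL
BEGIN
    DECLARE @pwd nvarchar(128), @sql nvarchar(max);
    SET @pwd = CONVERT(nvarchar(36), NEWID()) + N'aA1!' + CONVERT(nvarchar(36), NEWID());
    SET @sql = N'CREATE LOGIN [DbOwnerLowPriv] WITH PASSWORD = '
             + QUOTENAME(@pwd, '''') + N', CHECK_POLICY = ON;';
    EXEC sys.sp_executesql @sql;
END;
ALTER LOGIN [DbOwnerLowPriv] DISABLE;   -- the login holds no server roles
GO
-- 3. Reassign ownership of user databases currently owned by sa.
DECLARE @db sysname, @stmt nvarchar(max);
DECLARE owner_cur CURSOR LOCAL FAST_FORWARD FOR
    SELECT name
    FROM sys.databases
    WHERE database_id > 4
      AND owner_sid = 0x01           -- SID of sa, unchanged if sa is renamed
      AND is_db_chaining_on = 0      -- chained databases get their own owner
      AND state_desc = N'ONLINE'
      AND is_read_only = 0;
OPEN owner_cur;
FETCH NEXT FROM owner_cur INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @stmt = N'ALTER AUTHORIZATION ON DATABASE::' + QUOTENAME(@db)
              + N' TO [DbOwnerLowPriv];';
    PRINT @stmt;                     -- keep a record of each change
    EXEC sys.sp_executesql @stmt;
    FETCH NEXT FROM owner_cur INTO @db;
END;
CLOSE owner_cur;
DEALLOCATE owner_cur;
GO
```

Re-run the query from step 1 afterwards to confirm the new owners, and review any vendor or system-style databases (for example a replication distribution database) that `database_id > 4` also matches before letting step 3 change them.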