I agree with not accepting defaults. But if you set a rule against a default -- make it consistent.
My SW company was sold to a different parent company last October. I'm the DBA that is responsible for 99% of the export and conversion to the new SW.
So far, I have had to create a new password for for the AD login to the employee website and email. It has a level of obscurity such as uppercase and length.
Then about a week ago I had to have a login to another AD with different consistency for password strength.
Then today I was forced into another password strength in another system, with a different user id.
I don't use any of the systems, other than the e-mail, to retain any of them over the long-term.
So really my only option is to write or otherwise store, in clear text, my login information.
Where if all systems had a connection, or the same standard, then it wouldn't be a problem. Even worse, one ID is set to never change. One has a 60 day life cycle. The newest one I have no clue.
A little bit of this and a little byte of that can cause bloatware.