Everybody knows how important it is to use Managed Account on SharePoint Server. This is not only a security best practice but even a governance best practice.
But what is the biggest danger of something called a “Managed Account”? Actually you can say there isn’t any danger because it’s a generic account, with a very difficult password that can’t be changed (only on
Active Directory level) …
You're all right! But is a strong and very difficult password being enough to secure the Farm Administrator or Site Collection Administrator password? The real danger is that everybody after a while knows all the passwords because they are never changed. It
can be 20 characters written in Arabic. If you don’t change it everybody will know and they can do any modification without being identified!
That’s a real danger (security issue)! How do we resolve this? Enable Automatic Password Change