it is different from org to org, I worked for a one where we renamed the admin account to a 16 letter one and the password was a min of 19 Char.
best practice, secure the account and use tokens, rename the account and use complex password as much as you can.