When handling and maintaining password for Symantec Web Gateway, Symantec suggests the following best practices:

• During the initial install wizard, create a secure username for the system account within the user interface of SWG appliance.
• As a post-install task, change the password for the admin account within the command line interface (CLI).
• As a post-install task for SWG8490 model, when using the iDRAC, create a secure username and password for the iDRAC interface.
• Take care to not lose the password for the admin account within the CLI of Symantec Web Gateway. The method for securing the password for this account is re-installing the SWG operating system from DVD or OVF.
• Create and use secure passwords.
• If business continuity requirements in your organization include storing a password for SWG in a file, encrypt the file and restrict file access to authorized personnel.
• After you reset an administrator's password, use a secure method (such as a phone call) to notify the administrator of the new password. Email messages are not typically secure methods.
   

To create secure usernames, consider the following suggestions:

• Create usernames with eight (8) or more characters.
• Avoid using usernames which are the same as built-in administration accounts for other common operating systems or devices, which are typical targets of brute force password attacks. Examples to avoid include: 
  - root
  - Administrator
  - admin
  - sa

To create secure passwords, consider the following suggestions:

• Do not create a password that uses any of the following formats:
  - A word that is found in a dictionary (in any language or jargon)
  - A name (such as the name of a spouse, parent, child, pet, fantasy character, famous person, or location)
  - Any variation of your personal name or account name
  - Accessible information about you (such as your phone number, license plate, or social security number) or your environment
  - A birthday or a simple pattern (such as backwards, followed by a digit, or preceded by a digit)
   
• Create a password that is based on the following recommendations:
  - Use a mixture of upper and lower case letters, as well as digits or punctuation
  - Make sure the password is unrelated to any previous password
  - Use long passwords (eight characters or longer)
  - Consider using a pair of words with punctuation inserted
  - Consider using a pass phrase (an understandable sequence of words)
  - Consider using the first letter of each word in a pass phrase