Securing a server ID with a password is optional, but should be mandantory.
The downside is that you cannot perform an unattended restart of the server ( Domino or / and OS ).
So we need a mechanism to apply the password automatically.
There is at least one 3rd party tool available ( BCC Domino Protect ). Domino Protect does a lot more than just apply the password.
You can also write your own extension manager using cAPI to achieve the goal. This is what I have done.
But I would like to see this functionality as part of the core product code.
The options to create / store the password could be
1. Set a password in the admin client and store it ( encrypted ) in a place where can access it during server restart.
2. Let the code create a random, high complex password
3. Let the code create a random, high complex password based on properties of the used hardware. This would it make more secure, because the password would not have to be stored anywhere on the machine.