By default each ESXi host has a single root user account with the Administrator role. That root user account can be used for local administration and to connect the host to vCenter Server.
This common root account can make it easier to break into an ESXi host because the name is already known. Having a common root account also makes it harder to match actions to users.
For better auditing, create individual accounts with Administrator privileges. Set a highly complex password for the root account and limit the use of the root account, for example, for use when adding a host to vCenter Server. Do not remove the root account. For more information about assigning permissions to a user for an ESXi host, see vSphere Single Host Management - VMware Host Client documentation.