California Bans Default Passwords on Any Internet-Connected Device

In less than two years, anything that can connect to the internet will come with a unique password -- that is, if it's produced or sold in California. From a report: The "Information Privacy: Connected Devices" bill that comes into effect on January 1, 2020, effectively bans pre-installed and hard-coded default passwords. It only took the authorities about two weeks to approve the proposal made by the state senate. The new regulation mandates device manufacturers to either create a unique password for each device at the time of production or require the user to create one when they interact with the device for the first time. According to the bill, it applies to any connected device, which is defined as a "physical object that is capable of connecting to the Internet, directly or indirectly, and that is assigned an Internet Protocol address or Bluetooth address."

Default Password

the default password will be part of the mac address of the device
part of the serial number of the device
production date for the device.

et voila, unique id.
the users will have to change the default password on first use, and will change it to 12345 or secret or ... any other pretty obvious default password that is easy to remember like password. :-D

caption -- milked