All IoT device passwords shall be unique and not resettable to any universal factory default value.
Many IoT devices are being sold with universal default usernames and passwords (such as “admin, admin”) which are expected to be changed by the consumer. This has been the source of many security issues in IoT and the practice needs to be eliminated. Best practice on passwords and other authentication methods should be followed.
Primarily applies to: Device Manufacturers