Comment Re:Comcast routers (Score 1) 154
Hardcoded initial passwords should never be used for anything other than the first access to a device (after a reset) to configure it with the customers own password and settings. It should also not be usable from any public facing interfaces, but that's a side issue. This is no different from being given a temporary password and told to change it when you first login to a computer or web site.
Leaving default passwords, even if they are unique per device, exposes the security risk that someone will discover those passwords. With unique passwords, all someone needs to find is the database or printing records used to create all those unique labels, or they can discover an algorithm used to generate the unique passwords. Once hacked, unique passwords provide only marginally better security than identical default passwords, but they create a bigger issue because of the false sense of security they have given users that assume they are secure.