When I got Verizon Fios the router came with a unique password, but only for Wi-Fi. The actual device login was a default (actually technically just one of the "default" logins techs commonly used; I had to Google this).
I think this can be helped by not allowing remote access until the default password has been changed. If you're going to require remote access you should know enough that you should try to secure your device.
Obviously, this doesn't help the problem with weak password or technicians commonly changing the device default and then re-using that device in another household. But it's a start.