“Under the new law, all new internet-connected devices made or sold in California with a default password will be required to make that password unique and secure for every single device. That means no more devices shipped with username/password combos of “admin/admin,” for example. It’s far from a panacea—and really, why aren’t you using a password manager already—but it’s a step towards at least a minimal baseline of security in our internet-of-things addled future.”
Source : California Is Making It Illegal for Devices to Have Shitty Default Passwords – Motherboard