The U.S. Computer Emergency Reediness team (US-CERT) has released an alert about the risks of not changing default passwords on critical infrastructure devices that can be accessed from the Internet, and how easy it is for attackers to obtain devices default passwords and use online tools to scan for such devices.
Among the recommended best practices which are also detailed in the same alert release, the way forward is for vendors to design systems that require a password change the first time a default password is used on their products. Some recent wireless routers already provide such functionality.
Read more here – https://www.us-cert.gov/ncas/alerts/TA13-175A