by dpweb 3534 days ago
Just eliminate default passwords completely. The first person that opens the box, or applies a license key, sets the password and it must be strong.
2 comments

A better solution is for each physical instance of a device to have a default password that is strong and unique (and encoded in the firmware, such that a factory reset of the device doesn't make it default to a non-unique PW).
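The per-unit unique default described in this comment, as an added Python sketch that is not from the thread: the factory derives each unit's default from a placeholder provisioning key and the serial, a factory reset restores that unit's own default rather than a model-wide one, and the first login must replace it with a strong password. The key, alphabet and strength policy are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed placeholder: the factory-wide provisioning key lives in the factory's
# HSM and never ships on the device; each unit stores only its own derived secret.
FACTORY_PROVISIONING_KEY = b"placeholder-factory-key-not-a-real-secret"
LABEL_ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # unambiguous, fits on a sticker


def derive_unit_default(serial: str, length: int = 16) -> str:
    """Per-unit default: HMAC-SHA256(factory key, serial) rendered for a label.
    Without the factory key, one unit's default reveals nothing about another's."""
    digest = hmac.new(FACTORY_PROVISIONING_KEY, serial.encode(), hashlib.sha256).digest()
    # 256 % 32 == 0, so byte % 32 is an unbiased index into the 32-char alphabet
    return "".join(LABEL_ALPHABET[b % 32] for b in digest[:length])


def is_strong(pw: str) -> bool:
    """Assumed minimal policy: 12+ chars drawing on at least three character classes."""
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    return len(pw) >= 12 and sum(classes) >= 3


class Device:
    """Simulated endpoint: unit-unique default in firmware, forced change on first login."""
    def __init__(self, serial: str):
        self._unit_default = derive_unit_default(serial)  # burned in at manufacture
        self.factory_reset()

    def _store(self, pw: str) -> None:
        self._salt = secrets.token_bytes(16)
        self._hash = hashlib.pbkdf2_hmac("sha256", pw.encode(), self._salt, 100_000)

    def factory_reset(self) -> None:
        # A reset restores this unit's own default, never a shared one
        self._store(self._unit_default)
        self.must_change = True

    def check_password(self, pw: str) -> bool:
        cand = hashlib.pbkdf2_hmac("sha256", pw.encode(), self._salt, 100_000)
        return hmac.compare_digest(cand, self._hash)

    def set_password(self, old: str, new: str) -> bool:
        # Reject weak passwords and re-use of the printed default
        if not self.check_password(old) or not is_strong(new) or new == self._unit_default:
            return False
        self._store(new)
        self.must_change = False
        return True
```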

There are a few other ways to handle the problem of securing endpoint devices. For example, for devices that are intended to use a local aggregator, gateway, or proxy of some sort you can get around the issue (and improve the UX) by avoiding passwords entirely, and requiring that the device instead be paired with a base station through a physical action the user performs (pressing a button on both, knocking them together, etc.) instead.

Yes. But keep in mind that these were in part maintenance accounts not visible to users. The areas that also need to be kept in mind are manufacturing, maintenance, repair and upgrades.