... which is "okay", since you can only access it (the admin web console) from within your wlan/lan (and not the internet) and ofc you can/should change it during setup
Most people (esp non-HNers) don't, they just let Comcast set it up. To make matters worse, they set the SSID to my last name, and the password was my address. Maybe that's one-off, but if standard, seems problematic.
I can confirm that two different ISPs have done this with my initial WiFi setup over the last few years. AT&T made it the initials of everyone staying in that house with the password set to their 800 number for service calls. Time Warner made it one person's first name and the password was his cell number.
On the other hand, a Midcontinent Communications (aka Midco) tech told me the password I wanted to use wasn't secure enough and brainstormed with me for a couple minutes on good SSIDs and passwords while he showed me the web admin interface on my laptop. I was very pleased with his visit and called the local office afterwards to pass along kudos!
I haven't seen a telecom-provided wireless setup in forever that didn't have the default password be fairly long and random, printed on a sticker on the back of the router.
Nope. Anyone within range of your wifi router can connect to it and most possibly the first username and password that they will try is admin\admin or admin\password
The parent posts here are talking about the admin interface to the router, not the wireless password. While it's technically true that anyone within range can connect, they can't authenticate without the wireless password, and so cannot access the admin interface.