Change all default passwords
Passwords need to ensure that only the person using the account can access it. It is therefore vital that each default password be changed, as it is known to several people and will be exploited in the first attempt to use the account fraudulently.
There are databases that contain all the default passwords of services or devices. These databases are exploited by malicious software that make an inventory of the devices and test them using the default passwords. Systematically changing passwords renders such an attack null and void.
Upon installation of your product, enter a password with a sufficient number of characters (+10), and use a variety of characters, capital and lower case letters, numbers and special characters.