As one of the many bills around the country and world that is working to protect devices and data, the state of California has banned the use of simple or default passwords on internet-connected devices made or sold in its borders, mandating that every item have its own unique password upon its creation. Customers who suffer from companies noncompliance with the law will be able to sue them. Beyond unique passwords, companies must also ensure that products have “reasonable” security features.
Source: Weak passwords banned in California from 2020 – BBC News