I think it's about being a configuration management nightmare. If every device has a unique password, you need the decoder ring for serial number to password. However, not all processors have unique IDs. So you either need to find a way to reliably serialize each board during manufacturing and hope it stays (like a sticker/laser/printer/etc) or add a serial number chip which is cost and complexity. It's not impossible, it's just extra work that usually goes unrewarded.

▲

HFguy 6 hours ago | parent | next [-]

I'm a long way from embedded development. But I was under the impression a lot of microcontrollers these days have some ID capability built in, even some relatively low-end ones. This strikes me more as laziness than anything.

	▲	peterus 5 hours ago \| parent \| next [-]
		This is true, for example many stm32 series have a 96 bit unique id which is derived from the lot number, wafer id and position [1]. Even the low cost stm32g0b1 series I am using has them, but they are missing from some older series. [1] https://community.st.com/t5/stm32-mcus/how-to-obtain-and-use...
	▲	adrian_b 4 hours ago \| parent \| prev \| next [-]
		Moreover, on any device that is connected to Internet you already have a unique MAC address on its Ethernet or WiFi interface. You can hash this unique MAC address, together with other data that may be shared with the other devices of the same kind, to generate unique keys or other kinds of credentials.
	▲	Neywiny 5 hours ago \| parent \| prev [-]
		Surprisingly it's not everywhere. I'm very in embedded development and cannot count the amount of time I look for "unique" "id" etc in a reference manual and come up short. It's certainly more common than not, but you often have to design systems for the lowest common denominator.

▲

NegativeK 4 hours ago | parent | prev | next [-]

> It's not impossible, it's just extra work that usually goes unrewarded.

That sounds like profit motivated negligence, and it sounds like a standard justification for why Europe is going to hold companies liable.

	▲	Neywiny 4 hours ago \| parent \| next [-]
		It is indeed. And that sucks but that's what it is. Product design is about calculated risks and trades. It's a good thing regulators are here to help because companies won't do it on their own and the general public doesn't care enough.
	▲	jcgrillo an hour ago \| parent \| prev [-]
		We will all owe the EU a massive debt of gratitude. Hopefully USB C was just the tip of the iceberg.

▲

Msurrow 6 hours ago | parent | prev [-]

I have not knowledge of this kind of software dev/hw production, so can you please explain why the units cant just be born with a default pass and then have the setup process (which is always there) Force the owner to set a new password?

Knowledge or not, this..

> It's not impossible, it's just extra work that usually goes unrewarded.

.. is just not an acceptable way for business to think and operate i 2026, especially not when it comes to internet connected video enabled devices

▲

Neywiny 5 hours ago | parent | next [-]

I'll answer your question with a question: how often do you see people complaining about needing setup processes vs the old way of just plug and play? There's no perfect answer that placates all sides. Things can certainly be better, but when those people win and you no longer need to have a setup process, then what?

While true that in $current_year it would be nice if things were more secure, the sad truth is that most people don't care.

	▲	Msurrow 3 hours ago \| parent [-]
		I agree that yes most just want PnP and basically don’t care about security. But it seemed on the posts above that there was an engineering complexity, and a robot vaccum needs local WiFi, so there will be a setup flow. Whats preventing a password selection just be part of that?

▲

thenthenthen 5 hours ago | parent | prev | next [-]

I am shocked really, i think this is actual law in China.

▲

thenthenthen 5 hours ago | parent | prev [-]

This is just people working 24/7 for 50 dollars a month? Because we want cheap shit