Require user to set PIN other than default (b.2 of SB 327)
According to California US Law:
https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180SB327
Subsection (b) Subject to all of the requirements of subdivision (a), if a connected device is equipped with a means for authentication outside a local area network, it shall be deemed a reasonable security feature under subdivision (a) if either of the following requirements are met: (1) The preprogrammed password is unique to each device manufactured. (2) The device contains a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time.