Having the same password for every device is a serious security issue (webcam stream, ...)

(1)
I propose to disable every route and make the web application unusable until the password is changed.

On the backend:

• Implement a change wifi password route
• check the password, if it's the default, disable every route but the change wifi password one, then force a redirect to a change password page on the frontend

On the frontend:

• Implement a simple page allowing to change the password

(2)
An alternative could be to generate a new password, show it to the user, making sure the user has taken note of (confirmation dialog?) then reboot the wifi service and apply the new password, on the first run.

Any opinion on this? @previ @leonardo77