Good suggestion! It will cover user access security if internet access is on any interface.Maybe stupid question, but couldn't the (safe/complex/random/whatever) password be asked during the netinstall process for those (older) devices that still have the blank one?