Re: “allow Admin users to circumvent access controls”
"If you are going to ship a device with any standardized default credentials"
Why does a device need to ship with default credentials? Why not a mandatory setup question before first use?
Ill-advised use of default credentials is a problem that real computers with real OSes sorted maybe three decades ago. Sadly, it seems like that's long enough for people to (a) forget the problem (b) forget the solution.