The default password as we have known it is now a thing of the past. There seems to be some confusion about the new default password and why you are just now seeing the change.
A quick explanation of why the change was made, on January 1, 2020 a law in California changed the way passwords are handled for any device connected to the internet. The new California state law (SB-327) states that manufacturers of any device connected to the internet (IoT-device) that want to sell their products in California have to equip the devices with “reasonable security feature(s)”. Manufacturers failing to do so will face enforcement from the California Attorney General and local officials.