Default passwords such as "admin" and "password" will be illegal for electronics firms to use in California from 2020.
The state has passed a law that sets higher security standards for net-connected devices made or sold in the region.
It demands that each gadget be given a unique password when it is made.
Before now, easy-to-guess passwords have helped some cyber-attacks spread more quickly and cause more harm.
The Information Privacy: Connected Devices bill demands that electronics manufacturers equip their products with "reasonable" security features.
This can mean a unique password or a start-up procedure that forces users to generate their own code when using the gadget for the first time.
The bill also allows customers who suffer harm when a company ignores the law to sue for damages.
Writing on tech news site the Register Kieren McCarthy said the law was "a step forward" but also a "massive missed opportunity".
A bigger problem than poor passwords was the creation of devices that could not be updated, he said.
California should have added clauses that required manufacturers to take a more rounded approach, he said, to limit how much access malicious hackers can get to all kinds of devices.
Many recent cyber-attacks have taken advantage of the default and easy-to-guess passwords on the devices found in millions of homes and offices.
In late 2016, Twitter, Spotify, and Reddit were among sites taken offline by an attack that took advantage of poor passwords on lots of net-connected gadgets including webcams and other so-called smart home hardware.
An attack by malware known as VPNFilter is currently targeting home routers and is believed to have infected more than 500,000 devices.
Have your say
More Technology Headlines
- Women whose boyfriends watch porn ‘more likely to develop eating disorders’
- Galaxy S10 to be released March 8
- Apple to investigate Saudi app that tracks women
- Huawei to start Africa data centre services from March
- Siemens partners WestPark to build industrial, business park in Africa
- Unraveling the journey of Vodafone 4G
- Google and Facebook 'need fake news regulator'
- Siemens launches FABRIC to turn urban data into dynamic visualisation of Jamestown
- Celltel, CEIEC, RAC sign MOU for $300m Smart Cities project
- Is the internet bad for us?
- Huawei sets new record, over 200 million phones sold in 2018
- Apple to pay teen who found FaceTime bug
- Facebook adds new Group tools as it looks for ‘meaningful’ conversations
- KNUST Teaching Assistant manufactures affordable incubators
- New Samsung true wireless earbuds appear in leaked promotional image