Default passwords such as "admin" and "password" will be illegal for electronics firms to use in California from 2020.
The state has passed a law that sets higher security standards for net-connected devices made or sold in the region.
It demands that each gadget be given a unique password when it is made.
Before now, easy-to-guess passwords have helped some cyber-attacks spread more quickly and cause more harm.
The Information Privacy: Connected Devices bill demands that electronics manufacturers equip their products with "reasonable" security features.
This can mean a unique password or a start-up procedure that forces users to generate their own code when using the gadget for the first time.
The bill also allows customers who suffer harm when a company ignores the law to sue for damages.
Writing on tech news site the Register Kieren McCarthy said the law was "a step forward" but also a "massive missed opportunity".
A bigger problem than poor passwords was the creation of devices that could not be updated, he said.
California should have added clauses that required manufacturers to take a more rounded approach, he said, to limit how much access malicious hackers can get to all kinds of devices.
Many recent cyber-attacks have taken advantage of the default and easy-to-guess passwords on the devices found in millions of homes and offices.
In late 2016, Twitter, Spotify, and Reddit were among sites taken offline by an attack that took advantage of poor passwords on lots of net-connected gadgets including webcams and other so-called smart home hardware.
An attack by malware known as VPNFilter is currently targeting home routers and is believed to have infected more than 500,000 devices.
Have your say
More Technology Headlines
- Ghana sets May 27 to mark National Girls ICT Day
- Amazon set for facial recognition revolt
- Bleach peddled as 'miracle' autism cure on YouTube
- Huawei's Android loss: How it affects you
- Huawei responds to Android ban
- Google restricts Huawei's use of Android
- How to use Google Maps to help someone find you
- Ghana marks World Telecommunications Day
- Vice President to be honoured as Digital Leader of the Year
- Tech Tent - Who’s spying on you?
- Ghana to take center stage at the global Africa forum on communications
- Facebook bans "inauthentic" accounts targeting Africa
- Samsung and Huawei end years-long patent battle
- Facebook imposes restrictions on live-streaming to prevent future abuse
- WhatsApp hack: Is any app or computer truly secure?