AT&T and a few others currently deal with this problem by having a random password assigned for the admin user printed on a sticker on the side of their Modem/Router combo boxes. It seems to work pretty well.
Got a new netgear router the other day and it used this. Default admin and default wpa2 key were randomly-generated at the factory and printed on the back of the router. If/when my parents need a new router I'm going to have them get one of these and never have to guide them through the security gui again.
While I do like the idea, att boxes are very low quality and drop wifi connections constantly. I've always installed a ubuqiti router and AP. Apparently it's impossible to disable the firewall on the att box also. I've actually called att and had the conversation: "can you enable some ports". CSR, which ones? Tcp and udp 1-65,535...
For most users, this really isn't a problem. I never had many problems using the ATT stock boxes for routing, but like you have moved on to better solutions. But we also understand how to secure our devices. Even newer consumer routers are following this same strategy of printed admin passwords, so if a consumer is deciding to replace it with a newer device it still works! :)
