Which of the following is not considered a device hardening measure?

Keeping default passwords for routers is not considered a device hardening measure because it significantly reduces the security of the device. Default passwords are common knowledge and can easily be exploited by unauthorized users to gain access to the network or the device itself.

In contrast, installing anti-virus software enhances the security of the device by protecting it from malware and other cyber threats. Regularly updating security patches is a critical practice to fix vulnerabilities and improve security, ensuring the device is protected against known exploits. Uninstalling unnecessary programs also contributes to device hardening by reducing the potential attack surface, as fewer programs mean fewer vulnerabilities and points of entry for threats. Each of these measures actively contributes to strengthening the security posture of devices, whereas maintaining default passwords does not.