IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Weak default passwords to be made illegal in California

Come 2020 manufacturers will be forced to preprogram unique default passwords into every device they make

password on posit note

California lawmakers have passed a legislation that will make default passwords such as 'admin' and 'password' illegal in the state from 2020.

The Information Privacy: Connected Devices Bill, which will begin on 1 January 2020, will require manufacturers of connected devices to set unique preprogrammed default passwords for every single device they make.

"This bill would require a manufacturer of a connected device to equip the device with a reasonable security feature or features that are appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure, as specified," the bill stated.

The bill will also allow customers who suffer due to a weak default password to sue if a company is found to have ignored the law.

Highlighting the need for strong laws and manufacturers to strengthen device security, a number of recent cyber attacks have used default and easy to guess passwords as a route into peoples homes and businesses, allowing for the spread of various types of malware.

Recently, a research paper from Yossi Oren of Ben-Gurion University said that household devices such as baby monitors, home security and web cameras, doorbells and thermostats shared the same common default passwords and that consumers rarely changed them after purchase.

Last year, routers made by BT, TalkTalk and Sky were found to have the same password flaw as Virgin Super Hub 2 devices, which were easy targets for criminals because of weak default passwords.

In May, Cisco's cybersecurity division, Talos, warned that hackers had infected some 500,000 internet routers and storage devices with Russian state-developed malware called VPNFiler after exploiting weak passwords. 

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Machine learning vs AI vs NLP
Business strategy

Machine learning vs AI vs NLP

8 Jul 2022
A guide to cyber security certification and training
Careers & training

A guide to cyber security certification and training

16 Jun 2022
World’s biggest four-day working week trial kicks off in UK
flexible working

World’s biggest four-day working week trial kicks off in UK

6 Jun 2022
Pushing cloud AI closer to the edge
machine learning

Pushing cloud AI closer to the edge

1 Jun 2022

Most Popular

Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Microsoft successfully tests emission-free hydrogen fuel cell system for data centres
data centres

Microsoft successfully tests emission-free hydrogen fuel cell system for data centres

29 Jul 2022