Weak default passwords to be made illegal in California

Come 2020 manufacturers will be forced to preprogram unique default passwords into every device they make

password on posit note

California lawmakers have passed a legislation that will make default passwords such as 'admin' and 'password' illegal in the state from 2020.

The Information Privacy: Connected Devices Bill, which will begin on 1 January 2020, will require manufacturers of connected devices to set unique preprogrammed default passwords for every single device they make.

"This bill would require a manufacturer of a connected device to equip the device with a reasonable security feature or features that are appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure, as specified," the bill stated.

The bill will also allow customers who suffer due to a weak default password to sue if a company is found to have ignored the law.

Highlighting the need for strong laws and manufacturers to strengthen device security, a number of recent cyber attacks have used default and easy to guess passwords as a route into peoples homes and businesses, allowing for the spread of various types of malware.

Recently, a research paper from Yossi Oren of Ben-Gurion University said that household devices such as baby monitors, home security and web cameras, doorbells and thermostats shared the same common default passwords and that consumers rarely changed them after purchase.

Last year, routers made by BT, TalkTalk and Sky were found to have the same password flaw as Virgin Super Hub 2 devices, which were easy targets for criminals because of weak default passwords.

In May, Cisco's cybersecurity division, Talos, warned that hackers had infected some 500,000 internet routers and storage devices with Russian state-developed malware called VPNFiler after exploiting weak passwords. 

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

What is cloud-to-cloud backup?
cloud backup

What is cloud-to-cloud backup?

1 Mar 2021
Lazarus APT hacking group is targeting the defense industry
Security

Lazarus APT hacking group is targeting the defense industry

26 Feb 2021
Microsoft open sources CodeQL queries used in Solorigate inquiry
Security

Microsoft open sources CodeQL queries used in Solorigate inquiry

26 Feb 2021
CISA warns of ongoing Accellion File Transfer Appliance attacks
hacking

CISA warns of ongoing Accellion File Transfer Appliance attacks

25 Feb 2021

Most Popular

How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021
Ransomware operators are exploiting VMware ESXi flaws
ransomware

Ransomware operators are exploiting VMware ESXi flaws

1 Mar 2021