California prohibits use of weak default passwords


Passwords like “admin” or “password” set by default will be illegal in 2020

The state of California has recently passed a law that establishes higher security standards for any network-connected device that is manufactured or sold in its territory.

According to experts in digital forensics from the International Institute of Cyber Security, this new law requires that each device be assigned a unique password when it is manufactured.

Until now, factory passwords have been easy to guess, which has allowed some cyberattacks to be carried out very quickly and caused many losses for individual users and organizations, the digital forensics specialists report.

The Information Privacy Act, in its Connected Devices section, requires electronic product manufacturers to equip their products with “reasonable” security features. This can mean a unique password or a startup procedure that forces users to generate their own code when they use their devices for the first time.

The bill will also allow customers who suffer losses to sue for damages when a company ignores the law.

Kieren McCarthy, a cybersecurity and digital forensics specialist, believes the law is “a step forward” but also “a great opportunity lost”. “A serious problem that poor passwords did not contemplate was the creation of devices that could not be updated”, the expert said.

According to the specialist, California should have added clauses that would force manufacturers of these devices to take a more complete approach, to limit the amount of access that malicious hackers can get on phones, laptops, tablets, and other smart devices for home and business use.

Many recent cyberattacks have taken advantage of default, easy-to-guess passwords on devices found in millions of homes and offices.

At the end of 2016, Twitter, Spotify and Reddit were among the sites knocked offline by an attack that took advantage of poor passwords on many network-connected devices, including webcams and other so-called home hardware.

These kinds of design deficiencies also leave the door open to botnets, which, as has been proven, can compromise many websites through connected devices.