‘Admin’, ‘password’ and other weak passwords will no longer cut it

Default passwords such as ‘admin’, ‘1234’ and ‘password’ will be illegal for electronics firms to use in California from 2020 as part of a crackdown on cyber attacks. Law has been passed that requires manufacturers to give gadget unique passwords. Manufacturers often use a single password because it is easier for them. However, lots of consumers don't bother to change this password. Now, customers who have gadgets hacked could sue a company as a result.

The move has come as an effort to better protect the residents from falling victim to cyber attacks and set higher security standards for net-connected devices made or sold in the region. Before now, easy-to-guess passwords have helped some cyber-attacks spread more quickly and cause more harm. Net-connected cameras, in the past, have helped attackers stage large-scale attacks.

Default passwords often allow hackers to easily access consumer devices. Now, manufacturers will be required to give each gadget a unique, complex password and 'reasonable' security features.

The Information Privacy: Connected Devices bill requires that all electronics manufacturers equip their devices with “reasonable” security features. This means they can either use unique passwords on their products or include a start-up procedure that forces users to generate their own when setting up their device for the first time.

The bill means that customers who have their gadgets hacked could sue a company if it did not abide by these new changes.

Writing on tech news site the Register Kieren McCarthy said the law was "a step forward" but also a "massive missed opportunity". According to McCarthy, devices that can not be updated are just as big of a problem as poor passwords and California should have included a clause that required manufacturers to make their devices updatable so that they could be passed following a cyber attack.


from E Hacking News - Latest Hacker News and IT Security News https://ift.tt/2NrFlSk