Default passwords such as ‘admin’, ‘1234’ and ‘password’ will be illegal for electronics firms to use in California from 2020 as part of a crackdown on cyber attacks. Law has been passed that requires manufacturers to give gadget unique passwords. Manufacturers often use a single password because it is easier for them. However, lots of consumers don’t bother to change this password. Now, customers who have gadgets hacked could sue a company as a result.
The move has come as an effort to better protect the residents from falling victim to cyber attacks and set higher security standards for net-connected devices made or sold in the region. Before now, easy-to-guess passwords have helped some cyber-attacks spread more quickly and cause more harm. Net-connected cameras, in the past, have helped attackers stage large-scale attacks.
Default passwords often allow hackers to easily access consumer devices. Now, manufacturers will be required to give each gadget a unique, complex password and ‘reasonable’ security features.
The Information Privacy: Connected Devices bill requires that all electronics manufacturers equip their devices with “reasonable” security features. This means they can either use unique passwords on their products or include a start-up procedure that forces users to generate their own when setting up their device for the first time.
The bill means that customers who have their gadgets hacked could sue a company if it did not abide by these new changes.
Writing on tech news site the Register Kieren McCarthy said the law was “a step forward” but also a “massive missed opportunity”. According to McCarthy, devices that can not be updated are just as big of a problem as poor passwords and California should have included a clause that required manufacturers to make their devices updatable so that they could be passed following a cyber attack.