California has seemingly had a lot of silly laws get implemented over the past few months. Hope you do not expect to get a plastic straw for your drink. There has been one area though that the state has stood out for and that is Internet security. The state legislature has passed some of the strictest data privacy laws in the US and a new law would make weak passwords for devices that connect to the Internet illegal.

Default passwords

It seems like every device that connects to the Internet has a weak default password, be it admin, password or setup. These default passwords are at the center of many hacks as it gives a hacker easy access to a device, either by already knowing the default password or being able to guess it easily. It does not help that many people never bother to change it either during the setup of the device, either not knowing that it can be changed or just not wanting to be bothered to do it.

Legislation in California

The bill passed into law, the Information Privacy: Connected Devices bill requires hardware manufacturers to equip any Internet connected device with “reasonable” security features. What is reasonable may be left up to the company. It could be a default password to start followed by forcing the user to set up a stronger password. It could be each device being given its own unique password. A step forward certainly and considering that every manufacturer does business in states other than California too so this will affect every device that comes onto the market seemingly.

California’s bill only applies to devices being manufactured after January 1, 2020. It says nothing about devices already in use and it also says nothing about the individual user’s passwords of the many sites that can be found on the Internet. It also does nothing to address the inability to update many of the devices in use though one has to wonder how much can be done about that? There is more work to be done certainly.

Change your default passwords anyway

Default passwords are seemingly found on everything, from our routers to printers to guest accounts on many computers. In most instances changing the password is easy and that simple act makes the chance of a malicious actor making entry into a system much lower. Strong passwords make that chance even smaller. With the number of data breaches that have occurred over the past several years security should be on the top of everyone’s mind, from business owners to the individual. Small acts like changing a default password to a strong password on vulnerable devices can do wonders.

Want to know if your device has a default password on it? Check out this link. If you see your device there, better find out how to update it. No guessing is required for anyone who needs your default password! For now at least you will not be dragged off in handcuffs for having a weak password but you might regret not changing it. It is a shame that California has to legislate this but it seems to be the only way.

Comments are closed.

Scroll to Top