In an effort to better protect its residents from falling victim to cyber attacks, California has announced that it will ban weak passwords from 2020.
Default passwords such as “admin” and “password” will be illegal for electronics manufacturers to use in the state as they often allow hackers to easily access consumer devices.
California has passed a law that sets higher security standard for all Internet-connected devices made or sold in the region. Under the new law, each gadget must be given a unique password when it is made.
The Information Privacy: Connected Devices (opens in new tab) bill requires that all electronics manufacturers equip their devices with “reasonable” security features. This means they can either use unique passwords on their products or include a start-up procedure that forces users to generate their own when setting up their device for the first time.
Customers who suffer damages when a company ignores the law will also be able to sue for damages.
In a post on the Register (opens in new tab), Kieran McCarthy called the law a “step forward” but also highlighted the fact that it was a “massive missed opportunity” as well. According to McCarthy, devices that can not be updated are just as big of a problem as poor passwords and California should have included a clause that required manufacturers to make their devices updatable so that they could be passed following a cyberattack.
Either way, California's decision to ban weak passwords is a step in the right direction and hopefully other states and countries will follow suit in making device manufacturers more responsible for their products' security.
Image Credit: Scyther5 / Shutterstock